JFrog Xray vs Sonatype Repository Firewall comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between JFrog Xray and Sonatype Repository Firewall based on real PeerSpot user reviews.

Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed JFrog Xray vs. Sonatype Repository Firewall Report (Updated: March 2024).
765,386 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"JFrog Xray's reporting feature has a lot of options in it, including scanning.""Good reporting functionalities.""The most valuable feature of JFrog Xray is the display of the entire internal dependencies hierarchy.""The solution is stable and reliable.""I would say that this solution has helped our organization by allowing us to automate a lot of the processes.""If multiple dependencies and vulnerabilities are found in a project, JFrog Xray is intelligent enough to tell you which vulnerability to target first.""JFrog Xray shows us a list of vulnerabilities that can impact our code."

More JFrog Xray Pros →

"Another thing that I like about Sonatype is that if you download something today, and five days from today it becomes vulnerable, it will notify you.""The product's network and intrusion protection features are valuable. It also has rules and compliance features for security."

More Sonatype Repository Firewall Pros →

Cons
"JFrog Xray does not have a dashboard.""Lacks deeper reporting, the ability to compare things.""JFrog Xray's documentation and error logging could be improved.""The speed of JFrog Xray should improve. Other solutions have better performance.""I think that the user interface should be expanded to provide customers with a better dashboard for reviewing their feedback regarding their images and the vulnerabilities that are associated with the images.""Since we have been using the solution via APIs, there are some limitations in the APIs.""Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool."

More JFrog Xray Cons →

"The tool needs to improve its file systems. The product should also include zero test feature.""What I don't like is the lack of an option to pick up the phone and call someone for support. That is something they need to improve on. They need to have a professional services package, or they need to include that option with their services."

More Sonatype Repository Firewall Cons →

Pricing and Cost Advice
Information Not Available
  • "The pricing is reasonable if you're a large enterprise developing code. It's not super-expensive."
  • More Sonatype Repository Firewall Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
    765,386 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:If multiple dependencies and vulnerabilities are found in a project, JFrog Xray is intelligent enough to tell you which vulnerability to target first.
    Top Answer:We could create any number of repositories, but we can create only thirty projects with JFrog Xray. If I want things to work, it has to be one project and multiple repositories that belong to… more »
    Top Answer:We use JFrog Xray mostly for container scanning.
    Top Answer:The product's network and intrusion protection features are valuable. It also has rules and compliance features for security.
    Top Answer:The licensing is quite reasonable, I believe. I do see that it adds value. It means whatever part you want to use, you can just use that part and pay for that. I think the licensing is fair enough… more »
    Top Answer:The product helps with vulnerability and security assessment. It also helps with assessment at the configuration level.
    Ranking
    Views
    5,837
    Comparisons
    4,379
    Reviews
    5
    Average Words per Review
    466
    Rating
    8.2
    Views
    1,075
    Comparisons
    518
    Reviews
    2
    Average Words per Review
    531
    Rating
    8.5
    Comparisons
    Also Known As
    JFrog Security Essentials
    Sonatype Nexus Firewall, Nexus Firewall
    Learn More
    Overview

    JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime. The world’s top brands such as Amazon, Facebook, Google, Netflix, Uber, VMware, and Spotify are among the 4500 companies that already depend on JFrog to manage binaries for their mission-critical applications. JFrog is a privately-held, global company, and is a proud sponsor of the Cloud Native Computing Foundation [CNCF].

    If you are a team player and you care and you play to WIN, we have just the job you're looking for.

    As we say at JFrog: "Once You Leap Forward You Won't Go Back!"​

    Sonatype Repository Firewall is a cloud-based security solution designed to safeguard your software supply chain against malicious components. It operates by meticulously scanning and evaluating each new component against customized governance policies, thereby effectively identifying and blocking potential threats before they infiltrate your development pipeline. What sets Sonatype Repository Firewall apart is its user-friendly setup, seamless integration with existing workflows, and remarkable scalability, making it suitable for software development environments of any size. Key features include blocking malicious components through behavioral analysis, malware scanning, and vulnerability assessment, as well as the ability to enforce custom governance policies. By utilizing this tool, organizations can enhance their software supply chain security, mitigate risks related to supply chain attacks, bolster compliance with industry standards, and ultimately reduce costs associated with security incidents. 

    Offer
    Try it Now

    Enjoy a free DevOps platform cloud subscription

    Learn more about Sonatype Repository Firewall
    Sample Customers
    google, amazon, cisco, netflix, oracle, vmware, facebook
    EDF, Tomitribe, Crosskey, Blackboard, Travel audience
    Top Industries
    VISITORS READING REVIEWS
    Financial Services Firm23%
    Manufacturing Company14%
    Computer Software Company12%
    Insurance Company6%
    VISITORS READING REVIEWS
    Financial Services Firm33%
    Government9%
    Computer Software Company6%
    Insurance Company5%
    Company Size
    REVIEWERS
    Midsize Enterprise29%
    Large Enterprise71%
    VISITORS READING REVIEWS
    Small Business14%
    Midsize Enterprise11%
    Large Enterprise76%
    VISITORS READING REVIEWS
    Small Business15%
    Midsize Enterprise11%
    Large Enterprise74%
    Buyer's Guide
    JFrog Xray vs. Sonatype Repository Firewall
    March 2024
    Find out what your peers are saying about JFrog Xray vs. Sonatype Repository Firewall and other solutions. Updated: March 2024.
    765,386 professionals have used our research since 2012.

    JFrog Xray is ranked 7th in Software Composition Analysis (SCA) with 7 reviews while Sonatype Repository Firewall is ranked 12th in Software Composition Analysis (SCA) with 3 reviews. JFrog Xray is rated 8.2, while Sonatype Repository Firewall is rated 8.4. The top reviewer of JFrog Xray writes "An intelligent solution that prioritizes which vulnerability to target first in your project". On the other hand, the top reviewer of Sonatype Repository Firewall writes "You will get clean code every time, and that's a great achievement". JFrog Xray is most compared with Black Duck, Snyk, Veracode, Mend.io and Sonatype Lifecycle, whereas Sonatype Repository Firewall is most compared with Cisco Secure Firewall, GitHub, Black Duck, Veracode and GitLab. See our JFrog Xray vs. Sonatype Repository Firewall report.

    See our list of best Software Composition Analysis (SCA) vendors.

    We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.