We performed a comparison between SonarQube and Sonatype Repository Firewall based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It has very good scalability and stability."
"SonarQube has a lot of value, it reviews the basic coding standards and security vulnerabilities of code that help to reduce issues."
"We advise all of our developers to have this solution in place."
"This solution has helped with the integration and building of our CICD pipeline."
"All the features of the solution are quite good."
"The features of SonarQube that I find most valuable for identifying code smells are its comprehensive code analysis capabilities, which cover various aspects of code sustainability."
"The solution is stable."
"It provides the security that is required from a solution for financial businesses."
"The product's network and intrusion protection features are valuable. It also has rules and compliance features for security."
"Another thing that I like about Sonatype is that if you download something today, and five days from today it becomes vulnerable, it will notify you."
"During the setup process, we only had one issue related to the number of available files. To perform the analysis, you have quite a lot of available file handles, so we had to increase that limit."
"We did have some trouble with the LDAP integration for the console."
"Although it has Sonar built into it, it is still lacking. Customization features of identifying a particular attack still need to be worked on. To give you an example: if we want to scan and do a false positive analysis, those types of features are missing. If we want to rescan something from a particular point that is a feature that is also missing. It’s in our queue. That will hopefully save a lot of time."
"We had some issues where the Quality Gate check sometimes gets stuck and it is unclear."
"This is a well-rounded solution, however, some features could be made available on the free version. The price of the solution could be reduced."
"The software testing tool capability could improve. It does not always integrate well. You have to use a specific plugin and the plugin does not always go in Apple's applications."
"If there was an official Docker image of SonarQube that could easily integrate into the pipeline would help the user to plug in and plug out and use it directly without any custom configuration. I am not sure if this is being offered already in an update but it would be very helpful."
"It would be a great add-on if SonarQube could update its database for vulnerabilities or plugging parts."
"The tool needs to improve its file systems. The product should also include zero test feature."
"What I don't like is the lack of an option to pick up the phone and call someone for support. That is something they need to improve on. They need to have a professional services package, or they need to include that option with their services."
SonarQube is ranked 1st in Application Security Tools with 108 reviews while Sonatype Repository Firewall is ranked 31st in Application Security Tools with 3 reviews. SonarQube is rated 8.0, while Sonatype Repository Firewall is rated 8.4. The top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". On the other hand, the top reviewer of Sonatype Repository Firewall writes "You will get clean code every time, and that's a great achievement". SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and Snyk, whereas Sonatype Repository Firewall is most compared with JFrog Xray, Cisco Secure Firewall, GitHub, Black Duck and Snyk. See our SonarQube vs. Sonatype Repository Firewall report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.