
Compare Sonatype Nexus Firewall vs. Spirent CyberFlood

Veracode: 61,411 views | 33,718 comparisons
Spirent CyberFlood: 1,192 views | 747 comparisons
Find out what your peers are saying about SonarSource, Veracode, Sonatype and others in Application Security. Updated: November 2021.
553,954 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

Veracode:

"Another feature of Veracode is that they provide e-learning, but the e-learning is not basic, rather it is quite advanced... in the e-learning you can check into best practices for developing code and how to prevent improper management of some component of the code that could lead to a vulnerability. The e-learning that Veracode provides is an extremely good tool."

"Veracode is a valuable tool in our secure SDLC process."

"Their dashboard is really good, overall. In my opinion, it's one of the best in the market, and I say that because we have used other service providers."

"The time savings has been tremendous. We saw ROI in the first six months."

"The source composition analysis component is great because it gives our developers some comfort in using new libraries."

"Veracode provides guidance for fixing vulnerabilities. It enables developers to write secure code from the start by pointing them to the problematic line of code, and saying, "This function/method has security vulnerabilities," then suggests alternatives to fix it. Then, we adopt their suggestions of the tool. By implementing it in the right way, we can fix the issue. For example, if the tool has found a method where it copied one piece of memory into another piece of memory in the code. The tool points to problematic methods with the vulnerability and provides ways to code it more securely. By adopting their suggestions, we are fixing this vulnerability."

"The most valuable features are that you can do static analysis and dynamic analysis on a scheduled basis and that you can push the findings into JIRA."

"The centralized view of different testing types helps reduce our risk exposure. The development teams have the freedom to choose their own libraries and languages. What happens is sometimes developers feel like a particular library is okay to use, then they will start using it, developing some functionality around it. However, as per our mandate, for every new repository that gets added and scanned, a report gets published. Based on that report, we decide if we can continue. In the past, we have found, by mistake, some developers have used copyleft licenses, which are a bit risky to use. We immediately replace these with more permissive, open-source licenses, so we are safe in the end."

Sonatype Nexus Firewall:

"Another thing that I like about Sonatype is that if you download something today, and five days from today it becomes vulnerable, it will notify you."

Spirent CyberFlood:

"Our customers use it to check for unauthorized file transfer."

Cons

Veracode:

"Another problem we have is that, while it is integrated with single sign-on—we are using Okta—the user interface is not great. That's especially true for a permanent link of a report of a page. If you access it, it goes to the normal login page that has nothing that says "Log in with single sign-on," unlike other software as a service that we use. It's quite bothersome because it means that we have to go to the Okta dashboard, find the Veracode link, and log in through it. Only at that point can we go to the permanent link of the page we wanted to access."

"When it comes to the speed of the pipeline scan, one of the things we have found with Veracode is that it's very fast with Java-based applications but a bit slow with C/C++ based applications. So we have implemented the pipeline scan only for Java-based applications not for the C/C++ applications."

"I would ask Veracode to be a lot more engaged with the customer and set up live sessions where they force the customer to engage with Veracode's technical team. Veracode could show them a repo, how they should do things, this is what these results mean, here is a dashboard, here's the interpretation, here's where you find the results."

"The policies you have, where you can tune the findings you get, don't allow you not to file tickets about certain findings. It will always report the findings, even if you know you're not that concerned about a library writing to a system log, for example. It will keep raising them, even though you may have a ticket about it. The integration will keep updating the ticket every time the scan runs."

"The ideal situation in terms of putting the results in front of the developers would be with Veracode integration into the developer environment (IDE). They do have a plugin, which we've used in the past, but we were not as positive about it."

"The pricing for qualified startups such as Neo4j could be improved."

"There is much to be desired of UI and user experience. The UI is very slow. With every click, it just takes a lot of time for the pages to load. We have seen this consistently since getting this solution. The UI and UX are very disjointed."

"Sometimes the scans are not done quickly, but the solutions that it provides are really good. The quality is high, but the analysis is not done extremely quickly."

Sonatype Nexus Firewall:

"What I don't like is the lack of an option to pick up the phone and call someone for support. That is something they need to improve on. They need to have a professional services package, or they need to include that option with their services."

Spirent CyberFlood:

"I would also like to see updates on a more frequent schedule."

Pricing and Cost Advice

Veracode:

"Veracode's price is high. I would like them to better optimize their pricing."

"We use this product per project rather than per developer... Your development model will really determine what the best fit is for you in terms of licensing, because of the project-based licensing. If you do a few projects, that's more attractive. If you have a large number of developers, that would also make the product a little more attractive."

"It is very reasonably priced compared to what we were paying our previous vendor. For the same price, we are getting much more value and reducing our AppSec costs from 40 to 50 percent."

"Veracode is expensive. Some of its products are expensive. I don't think it's way more expensive than its competitors. The dynamic is definitely worth it, as I think it's cheaper than the competitors. The static scan is a little bit more expensive, around 20 percent more expensive. The manual pen test is more expensive, but it is an expensive service because it's a manual pen test and we also do retests. I don't think it is way more expensive than the competitors, but it's about 15 to 20 percent more expensive."

"Licensing cost is on a yearly basis and there are no additional costs, the pricing is straightforward."

"For the value we get out of it, coupled with the live defect review sessions, we find it an effective value for the money. We are a larger organization."

"The pricing is really fair compared to a lot of other tools on the market."

"From a cost perspective, it seems okay, although we will probably evaluate alternatives next time it's up for renewal because for us, it's a relatively high cost, and we want to make sure that we are using our resources most appropriately."

Sonatype Nexus Firewall:

"The pricing is reasonable if you're a large enterprise developing code. It's not super-expensive."

Information Not Available
Questions from the Community
Top Answer: SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis… more »
Top Answer: The visibility into application status helps reduce risk exposure for our software. Today, any findings provided by the… more »
Top Answer: Veracode is very, very expensive, one of the most expensive security scanning tools available. We pay an annual license… more »
Top Answer: Another thing that I like about Sonatype is that if you download something today, and five days from today it becomes… more »
Top Answer: The pricing is reasonable if you're a large enterprise developing code. It's not super-expensive. There are no costs in… more »
Top Answer: With the security concerns around open source, the management and vulnerability scanning, it's relatively new. In… more »
Also Known As
Sonatype Nexus Firewall: Nexus Firewall
Spirent CyberFlood: CyberFlood Virtual, Spirent Mu Dynamics Application Security Testing, Mu Dynamics Application Security Testing
Overview

Veracode covers all your Application Security needs in one solution through a combination of five analysis types: static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Unlike on-premise solutions that are hard to scale and focused on finding rather than fixing, Veracode comprises a unique combination of SaaS technology and on-demand expertise that enables DevSecOps through integration with your pipeline, and empowers developers to find and fix security defects.

Nexus Firewall is a perimeter quality control for software development. Similar to a network firewall, it applies rules you define: one set automatically shields you from unacceptable software components entering your application development, and another set stops them from exiting it.

Spirent’s revolutionary CyberFlood security and application testing solution is now available as a virtual platform offering you simplified use, by consolidating multiple test functions into a completely virtual test environment.

Sample Customers
Veracode: State of Missouri, Rekner
Sonatype Nexus Firewall: EDF, Tomitribe, Crosskey, Blackboard, Travel audience
Spirent CyberFlood: Digicel
Top Industries
Veracode (reviewers): Financial Services Firm 30%, Computer Software Company 12%, Insurance Company 9%, Healthcare Company 7%
Veracode (visitors reading reviews): Computer Software Company 30%, Comms Service Provider 16%, Financial Services Firm 10%, Manufacturing Company 6%
Sonatype Nexus Firewall (visitors reading reviews): Computer Software Company 24%, Comms Service Provider 16%, Financial Services Firm 12%, Government 9%
Spirent CyberFlood (visitors reading reviews): Comms Service Provider 37%, Computer Software Company 19%, Manufacturing Company 10%, Government 4%

Company Size
Veracode (reviewers): Small Business 24%, Midsize Enterprise 25%, Large Enterprise 51%
Veracode (visitors reading reviews): Small Business 24%, Midsize Enterprise 31%, Large Enterprise 45%
Sonatype Nexus Firewall: No Data Available
Spirent CyberFlood: No Data Available

Sonatype Nexus Firewall is ranked 16th in Application Security with 1 review while Spirent CyberFlood is ranked 22nd in Application Security with 1 review. Sonatype Nexus Firewall is rated 8.0, while Spirent CyberFlood is rated 0.0. The top reviewer of Sonatype Nexus Firewall writes "Significantly decreases our time to market for secure apps by automating open source approval". On the other hand, the top reviewer of Spirent CyberFlood writes "Analyzes network security or even existing processes". Sonatype Nexus Firewall is most compared with JFrog Xray, Black Duck, Snyk, WhiteSource and Checkmarx, whereas Spirent CyberFlood is most compared with Ixia BreakingPoint, Ixia BreakingPoint VE and Acunetix by Invicti.

We monitor all Application Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.