Compare Sonatype Nexus Firewall vs. Veracode Software Composition Analysis

You must select at least 2 products to compare!
Most Helpful Review
Find out what your peers are saying about Sonatype, Snyk, WhiteSource and others in Software Composition Analysis (SCA). Updated: May 2021.
501,151 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pricing and Cost Advice
Information Not Available
"The pricing is reasonable if you're a large enterprise developing code. It's not super-expensive."

More Sonatype Nexus Firewall Pricing and Cost Advice »

"Without getting too specific, I'd say the average yearly cost is around $50,000. The costs include licensing and maintenance support.""The Veracode price model is based on application profiles, which is how you package your components for scanning.""Compared to other similar products, the licensing and pricing are definitely competitive. If you see Checkmarx as the market leader, then we are talking about Veracode being a fraction of the cost. You also have to consider your hidden costs: you need a team to maintain it, a server, and resources. From that point of view, Veracode is great because the cost is really a fraction of many competitors."

More Veracode Software Composition Analysis Pricing and Cost Advice »

Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
501,151 professionals have used our research since 2012.
Questions from the Community
Ask a question

Earn 20 points

Top Answer: Another thing that I like about Sonatype is that if you download something today, and five days from today it becomes… more »
Top Answer: The pricing is reasonable if you're a large enterprise developing code. It's not super-expensive. There are no costs in… more »
Top Answer: With the security concerns around open source, the management and vulnerability scanning, it's relatively new. In… more »
Top Answer: There have been a lot of benefits gained from Veracode. Compared to other tools, Veracode has good flexibility with an… more »
Top Answer: Checkmarx is a very good solution and probably a better solution than Veracode, but it costs four times as much as… more »
Top Answer: The scanning could be improved, because some scans take a bit of time. Many developers have commented on the packaging… more »
Popular Comparisons
Also Known As
Nexus Firewall
Veracode SCA, SourceClear
Learn More

At Accurics™, we envision a world where organizations can innovate in the cloud with confidence. Our mission is to enable cyber resilience through self-healing as organizations embrace cloud native infrastructure. The Accurics platform self-heals cloud native infrastructure by codifying security throughout the development lifecycle. It programmatically detects and resolves risks across Infrastructure as Code before infrastructure is provisioned, and maintains the secure posture in runtime by programmatically mitigating risks from changes. Accurics enables organizations of all sizes to achieve cloud cyber resilience through free cloud-based and open source tools such as Terrascan™.

Nexus Firewall is a perimeter quality control for software development. Similar to a network firewall, it leverages rules you define that automatically shield you from unacceptable software components entering and another set for stopping them from exiting your application development.

Veracode Software Composition detects open source vulnerabilities in the software development process with higher accuracy. Veracode SCA reduces false positives by prioritizing vulnerabilities in the execution path of the application. Its proprietary database contains significantly more vulnerabilities than the NVD because it datamines pull requests, bug reports, and release notes. It also looks for vulnerabilities in dependencies several layers deep. Veracode SCA is part of a comprehensive DevSecOps solution that covers multiple assessment types, enables developers, and helps organizations achieve AppSec governance.

Learn more about Accurics
Learn more about Sonatype Nexus Firewall
Learn more about Veracode Software Composition Analysis
Sample Customers
Automation Anywhere, NBA, GroundTruth, ServiceMax, Navis, Edcast
EDF, Tomitribe, Crosskey, Blackboard, Travel audience
Blue Prism, Advantasure, Automation Anywhere, Cox Automotive
Top Industries
Computer Software Company27%
Comms Service Provider15%
Financial Services Firm13%
Manufacturing Company6%
Computer Software Company24%
Comms Service Provider21%
Financial Services Firm9%
Insurance Company9%
Computer Software Company38%
Comms Service Provider11%
Financial Services Firm9%
Company Size
Small Business15%
Midsize Enterprise14%
Large Enterprise71%
No Data Available
Small Business44%
Midsize Enterprise22%
Large Enterprise33%
Find out what your peers are saying about Sonatype, Snyk, WhiteSource and others in Software Composition Analysis (SCA). Updated: May 2021.
501,151 professionals have used our research since 2012.

Sonatype Nexus Firewall is ranked 8th in Software Composition Analysis (SCA) with 1 review while Veracode Software Composition Analysis is ranked 7th in Software Composition Analysis (SCA) with 8 reviews. Sonatype Nexus Firewall is rated 8.0, while Veracode Software Composition Analysis is rated 7.8. The top reviewer of Sonatype Nexus Firewall writes "Significantly decreases our time to market for secure apps by automating open source approval". On the other hand, the top reviewer of Veracode Software Composition Analysis writes "Provides extensive guidance for writing secure code and pointing to vulnerable open source libraries". Sonatype Nexus Firewall is most compared with JFrog Xray, Black Duck, Snyk, Checkmarx and HCL AppScan, whereas Veracode Software Composition Analysis is most compared with Black Duck, JFrog Xray, Snyk, WhiteSource and Sonatype Nexus Lifecycle.

See our list of best Software Composition Analysis (SCA) vendors.

We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.