We performed a comparison between Sonatype Repository Firewall and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The product's network and intrusion protection features are valuable. It also has rules and compliance features for security."
"Another thing that I like about Sonatype is that if you download something today, and five days from today it becomes vulnerable, it will notify you."
"I contacted the solution's technical support during the automation part, and it went well, after which I never faced any issues."
"The most valuable feature is the efficiency of the tool in finding vulnerabilities."
"Valuable features for us are the static scanning of the software, which is very important to us; the ability to set policy profiles that are specific to us; the software composition analysis, to give us reports on known vulnerabilities from our third-party components."
"For our rapid, secure DevOps cycle, we have integration of the Vericode API into our build tool, and Greenlight into our IDE."
"One of the features they have is Software Composition Analysis. When organizations use third-party, open source libraries with their application development, because they're open source they quite often have a lot of bugs. There are always patches coming out for those open source applications. You really have to stay on your toes and keep up with any third-party libraries that might be integrated into your application. Veracode's Software Composition Analysis scans those libraries and we find that very valuable."
"The one thing we really liked about Veracode when we got it was the consultation calls; that our developers are able to schedule them on their own, instead of going to a "gatekeeper." They upload their code, they have questions, they schedule it, they speak with someone on the other side who is an expert, they can speak developer-to-developers."
"Ours is a Java-based application and Veracode can detect vulnerabilities in both Angular, which is used for the UI, and also in the backend code, which includes APIs and microservices."
"I like the sandbox, the ability to upload compiled code, and how easy it is."
"What I don't like is the lack of an option to pick up the phone and call someone for support. That is something they need to improve on. They need to have a professional services package, or they need to include that option with their services."
"The tool needs to improve its file systems. The product should also include zero test feature."
"From the usability perspective, it is not up to date with the latest trends. It looks very old. Tools such as Datadog, New Relic, or infrastructure security tools, such as AWS Cloud, seem very user-friendly. They are completely web-based, and you can navigate through them pretty quickly, whereas Veracode is very rigid. It is like an old-school enterprise application. It does the job, but they need to invest a little more on the usability front."
"In the next release, I would like a proper way of packaging files for scanning and the packing of IOS apps and API Dynamic scan methodology."
"It would be nice if Veracode were bundled with some preferred vendors like Salesforce and offered at a discount."
"The scans were sometimes not accurate in version 2022. There were some false positives in the vulnerability reports. We used to get false positives, and we were responsible for checking all of the alerts and determining whether they were true positives or false positives. They might have already improved it. If they have not, they can look into how to mitigate false positives."
"There are times when certain modules cannot be scanned automatically, requiring us to manually select these modules and initiate the scanning process on our side."
"The cost of the solution is a little bit expensive. Expensive in the sense that there was a hundred percent increase in cost from last year to this year, which is certainly not justified."
"If Veracode was more diversified, as far as the number of platforms and the number of applications it could do in our favor, we would be using it even more. But there are a number of platforms it doesn't support. For example, I know they support C+, .NET, and Java, but there are certain platforms they don't support and that was disappointing."
"I would like Veracode to add more language support."
Sonatype Repository Firewall is ranked 31st in Application Security Tools with 3 reviews while Veracode is ranked 2nd in Application Security Tools with 194 reviews. Sonatype Repository Firewall is rated 8.4, while Veracode is rated 8.2. The top reviewer of Sonatype Repository Firewall writes "You will get clean code every time, and that's a great achievement". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Sonatype Repository Firewall is most compared with JFrog Xray, Cisco Secure Firewall, GitHub, Black Duck and GitLab, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk, Fortify on Demand and OWASP Zap. See our Sonatype Repository Firewall vs. Veracode report.
See our list of best Application Security Tools vendors and best Software Composition Analysis (SCA) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.