Sonatype Nexus Firewall Overview

Sonatype Nexus Firewall is the #8 ranked solution in our list of top Software Composition Analysis (SCA) tools. It is most often compared to JFrog Xray.

What is Sonatype Nexus Firewall?

Nexus Firewall is a perimeter quality control for software development. Like a network firewall, it applies rules you define: one set automatically blocks unacceptable software components from entering your development environment, and another stops them from leaving it in the applications you build.

Sonatype Nexus Firewall is also known as Nexus Firewall.


Sonatype Nexus Firewall Customers
EDF, Tomitribe, Crosskey, Blackboard, Travel audience

Pricing Advice

What users are saying about Sonatype Nexus Firewall pricing:
  • "The pricing is reasonable if you're a large enterprise developing code. It's not super-expensive."

Senior Cyber Security Architect and Engineer at a computer software company with 10,001+ employees
Real User
Top 20
Significantly decreases our time to market for secure apps by automating open source approval

What is our primary use case?

With the security concerns around open source, the management and vulnerability scanning, it's relatively new. In today's world more and more people are going through the open source arena and downloading code like Python, GitHub, Maven, and other external repositories. There is no way for anyone to know what our users, especially our data scientists and our developers, are downloading. We deployed Sonatype to give us the ability to see if this code is vulnerable or not. Our Python users and our developers use Sonatype to download their repositories. Given the confidentiality of our…

Pros and Cons

  • "Another thing that I like about Sonatype is that if you download something today, and five days from today it becomes vulnerable, it will notify you."
  • "What I don't like is the lack of an option to pick up the phone and call someone for support. That is something they need to improve on. They need to have a professional services package, or they need to include that option with their services."

What other advice do I have?

You should have some knowledge of Linux before implementing it, because to set up the rsync and to make sure your data is being replicated and that it's HA, you need to know Linux. We took a look at the demo of Nexus Container and, although I haven't used it hands-on so I cannot say too much about it, it looks like a freaking awesome product. We are in the process of evaluating it and may do a PoC. It looks like it's easy to use, easy to integrate, and does not require a lot of RAM or storage. You can install it on existing Kubernetes clusters, so there's not a lot of infrastructure needed…
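The rule-based gate described in the product overview above, together with the reviewer's point that a component admitted today can be flagged when an advisory appears days later, as an added illustration in Python. This is not Sonatype's code or Nexus Firewall's actual policy engine; the policy thresholds, advisory IDs, package names, versions and licenses are all constructed for the example.

```python
"""Toy model of a component firewall: a policy is evaluated when a
component is first requested through the proxy, failures are quarantined,
and already-admitted components are re-evaluated whenever the advisory
feed changes. Added illustration, not Sonatype code; all data is constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    ecosystem: str   # e.g. "pypi", "maven" (constructed)
    name: str
    version: str     # dotted numeric version, e.g. "1.4.0"


@dataclass(frozen=True)
class Advisory:
    advisory_id: str  # constructed IDs, not real CVEs
    ecosystem: str
    name: str
    fixed_in: str     # versions strictly below this are affected
    severity: float   # CVSS-style score, 0.0-10.0


@dataclass
class Policy:
    block_at_severity: float = 7.0                       # assumption: block at or above this
    blocked_licenses: frozenset = frozenset({"AGPL-3.0-only"})  # assumption: copyleft denied


def version_key(version: str) -> tuple:
    """Numeric tuple for dotted versions; enough for this illustration."""
    return tuple(int(part) for part in version.split("."))


def is_affected(component: Component, advisory: Advisory) -> bool:
    return (component.ecosystem == advisory.ecosystem
            and component.name == advisory.name
            and version_key(component.version) < version_key(advisory.fixed_in))


class ComponentFirewall:
    def __init__(self, policy: Policy, advisories, licenses):
        self.policy = policy
        self.advisories = list(advisories)
        self.licenses = dict(licenses)   # (ecosystem, name, version) -> SPDX license id
        self.admitted = {}               # Component -> [] (passed at last evaluation)
        self.quarantined = {}            # Component -> list of violation strings

    def evaluate(self, component: Component) -> list:
        """Apply the 'entering' rule set; an empty list means the component passes."""
        violations = []
        for adv in self.advisories:
            if is_affected(component, adv) and adv.severity >= self.policy.block_at_severity:
                violations.append(f"{adv.advisory_id} severity {adv.severity} (fixed in {adv.fixed_in})")
        lic = self.licenses.get((component.ecosystem, component.name, component.version))
        if lic in self.policy.blocked_licenses:
            violations.append(f"license {lic} is not allowed")
        return violations

    def request(self, component: Component) -> bool:
        """Called when a developer first pulls the component through the proxy."""
        violations = self.evaluate(component)
        if violations:
            self.quarantined[component] = violations
            return False
        self.admitted[component] = []
        return True

    def update_advisories(self, new_advisories) -> list:
        """New feed data arrives: re-check everything already admitted and
        return the components that just became violations (the notification)."""
        self.advisories.extend(new_advisories)
        newly_flagged = []
        for component in list(self.admitted):
            violations = self.evaluate(component)
            if violations:
                del self.admitted[component]
                self.quarantined[component] = violations
                newly_flagged.append((component, violations))
        return newly_flagged


def demo() -> dict:
    """Constructed scenario: one advisory known at deploy time, one arriving later."""
    fw = ComponentFirewall(
        Policy(),
        [Advisory("ADV-0001", "pypi", "acme-parser", "1.3.0", 8.1)],
        {("maven", "org.example:copyleft-util", "2.0.0"): "AGPL-3.0-only"},
    )
    results = {
        "clean_today": fw.request(Component("pypi", "acme-parser", "1.4.0")),
        "known_vuln": fw.request(Component("pypi", "acme-parser", "1.2.0")),
        "bad_license": fw.request(Component("maven", "org.example:copyleft-util", "2.0.0")),
    }
    # Five days later a new advisory lands that covers the version admitted above.
    results["flagged_later"] = fw.update_advisories(
        [Advisory("ADV-0002", "pypi", "acme-parser", "1.5.0", 9.0)])
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The re-evaluation loop in `update_advisories` is the part that matters operationally: a gate that only checks on first download gives no signal about components already sitting in builds, so the inventory of admitted components has to be kept and re-scored against every feed update.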