We performed a comparison between SonarQube and Sonatype Repository Firewall based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."SonarQube is good for checking and maintaining code quality."
"It is a good deal compared to all other tools on the market."
"The most valuable function is its usability."
"The most valuable features are the dashboard, the ability to drill down to the code, user-friendly, and the technical debt estimation."
"If you want to have your code scanned and timed then this is a good tool."
"The reporting and the results are quick. It gets integrated within the pipeline well."
"The software quality gate streamlines the product's quality."
"Before you even compile, it can catch known vulnerability issues or patterns."
"The product's network and intrusion protection features are valuable. It also has rules and compliance features for security."
"Another thing that I like about Sonatype is that if you download something today, and five days from today it becomes vulnerable, it will notify you."
"The time it took for me to do the whole process was approximately two hours because I had to download, read the documentation, and do the configurations."
"The scanning part could be improved in SonarQube. We have used Coverity for scanning, and we have the critical issues reported by Coverity. When we used SonarQube for scanning and looked at the results, it seems that some of them have incorrect input. This part can be improved for C and C++ languages."
"The software testing tool capability could improve. It does not always integrate well. You have to use a specific plugin and the plugin does not always go in Apple's applications."
"The product needs to integrate other security tools for security scanning."
"There is need for support for the additional languages and ease of use in adding new rules for detecting issues."
"The reporting is good, but I am not able to download a specific report as a PDF, so downloading reports is something that should be looked at."
"The solution could improve by having better-consulting services."
"The learning curve can be fairly steep at first, but then, it's not an entry-level type of application. It's not like an introduction to C programming. You should know not just C programming and how to make projects but also how to apply its findings to the bigger picture. I've had users who said that they wish it was easier to understand how to configure, but I don't know if that's doable because what it's doing is a very complicated thing. I don't know if it is possible to make a complicated thing trivially simple."
"The tool needs to improve its file systems. The product should also include zero test feature."
"What I don't like is the lack of an option to pick up the phone and call someone for support. That is something they need to improve on. They need to have a professional services package, or they need to include that option with their services."
SonarQube is ranked 1st in Application Security Tools with 112 reviews while Sonatype Repository Firewall is ranked 34th in Application Security Tools with 3 reviews. SonarQube is rated 8.0, while Sonatype Repository Firewall is rated 8.4. The top reviewer of SonarQube writes "Easy to integrate and has a plug-in that supports both C and C++ languages". On the other hand, the top reviewer of Sonatype Repository Firewall writes "You will get clean code every time, and that's a great achievement". SonarQube is most compared with Checkmarx One, SonarCloud, Coverity, Veracode and GitHub Advanced Security, whereas Sonatype Repository Firewall is most compared with JFrog Xray, Cisco Secure Firewall, Black Duck, GitHub and Sonatype Lifecycle. See our SonarQube vs. Sonatype Repository Firewall report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.