• Home
  • Black Duck vs. Sonatype Repository Firewall

Black Duck vs Sonatype Repository Firewall comparison

Cancel
You must select at least 2 products to compare!
Synopsys Logo
Black Duck
Read 19 Black Duck reviews
14,718 views|10,174 comparisons
82% willing to recommend
Sonatype Logo
Sonatype Repository Firewall
Read 3 Sonatype Repository Firewall reviews
1,040 views|510 comparisons
100% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Black Duck vs. Sonatype Repository Firewall
March 2024
Executive Summary

We performed a comparison between Black Duck and Sonatype Repository Firewall based on real PeerSpot user reviews.

Find out in this report how the two Software Composition Analysis (SCA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Black Duck vs. Sonatype Repository Firewall Report (Updated: March 2024).
Download the complete report
771,157 professionals have used our research since 2012.
Featured Review
Sagar Mody
Effectively flags operational vulnerabilities and recommendations for fixes are very helpful
We didn't have a central inventory to quickly identify issues or determine how many products were affected. Now under Black Duck, it's all... Read more →
Ashish Shukla
You will get clean code every time, and that's a great achievement
I believe this tool is being used by most of the product development team in the organization. It's part of the CI/CD pipeline. You can say it's a... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"I like the fact that the product auto analyzes components.""The most valuable feature of Black Duck is the seamless integration to scan our Docker binary files, it provides us all open vulnerabilities, and it ensures a reference point from where it finds the vulnerability is up to date. For example, if there is any new vulnerability found, they are immediately available in the Black Duck. There is no delay in finding the vulnerabilities, they are called out in our code immediately.""The knowledge base and the management system are the most valuable features of Black Duck Hub. It has a very helpful management environment. They offer an editor where we can check the discovered license, which is retrieved from their knowledge base. They have a huge knowledge base build over the years. It gives you some possibilities, such as this license with possibility A could cause a vulnerability issue or a potential breach.""Black Duck is pretty extensive in terms of the scan reserves and the vulnerability exposures. From that perspective, I'm happy with it.""The solution is stable.""The UI is the solution's most valuable feature since it allows for easy pipeline integration.""It highlights what the developers have done, and it shows the impact from an intellectual property point of view.""We didn't have a central inventory to quickly identify issues or determine how many products were affected. Now under Black Duck, it's all consolidated. You search for a component and immediately see which products use it."

More Black Duck Pros →

"Another thing that I like about Sonatype is that if you download something today, and five days from today it becomes vulnerable, it will notify you.""The product's network and intrusion protection features are valuable. It also has rules and compliance features for security."

More Sonatype Repository Firewall Pros →

Cons
"We're not too sure about the extension of the firewall. It never shows up in the Hub.""The initial setup could be simplified. It was somewhat complex.""I would like to see improvements in Black Duck's reporting capabilities.""I would like to see more integration with other solutions, such as IntelliJ IDEA.""The tool's documentation and support are areas of concern where improvements are required.""Black Duck can improve the time it takes for a scan. Most of the time it's not ideal when integrated with the live DevSecOps pipeline. We have to create a separate job to scan the library because it takes a couple of hours to scan all those libraries. The scanning could be faster.""Due to the fact that, with our software developer life cycle, we don't need to scan our source code every day or every week. For that reason, we find the cost is too high. We might only actually use it five to ten times a year, which makes it expensive.""The scanner client is limited by the size of software it can handle."

More Black Duck Cons →

"What I don't like is the lack of an option to pick up the phone and call someone for support. That is something they need to improve on. They need to have a professional services package, or they need to include that option with their services.""The tool needs to improve its file systems. The product should also include zero test feature."

More Sonatype Repository Firewall Cons →

Pricing and Cost Advice
  • "Depending on the use case, the cost could range from $10,000 USD to $70,000 USD."
  • "The price is quite high because the behavior of the software during the scan is similar to competing products."
  • "The price is low. It's not an expensive solution."
  • "Black Duck is more suitable if you require a lot of licensing compliance. For smaller organizations, WhiteSource is better because its pricing policies are not really suitable for huge organizations."
  • "It is expensive."
  • "I rate the product's price one on a scale of one to ten, where one is a high price, and ten is a low price."
  • "The pricing is a little high."
  • "The price charged by Black Duck is exorbitant."

    • More Black Duck Pricing and Cost Advice →

  • "The pricing is reasonable if you're a large enterprise developing code. It's not super-expensive."

    • More Sonatype Repository Firewall Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Software Composition Analysis (SCA) solutions are best for your needs.
    See Recommendations
    771,157 professionals have used our research since 2012.
    Questions from the Community
    How does WhiteSource compare with Black Duck?
    Top Answer:We researched Black Duck but ultimately chose WhiteSource when looking for an application security tool. WhiteSource is a software solution that enables agile open source security and license… more »
    What do you like most about Black Duck?
    Top Answer:The product enables other applications to be secure.
    Read all 15 answers   →
    What is your experience regarding pricing and costs for Black Duck?
    Top Answer:The pricing is a little high. I rate the pricing a seven out of ten. The average price of the product is close to $100.
    Read all 12 answers   →
    What do you like most about Sonatype Nexus Firewall?
    Top Answer:The product's network and intrusion protection features are valuable. It also has rules and compliance features for security.
    Read all 2 answers   →
    What is your primary use case for Sonatype Nexus Firewall?
    Top Answer:The product helps with vulnerability and security assessment. It also helps with assessment at the configuration level.
    Read all 3 answers   →
    What advice do you have for others considering Sonatype Nexus Firewall?
    Top Answer:I would rate the solution an eight out of ten.
    Read all 2 answers   →
    Ranking
    1st
    out of 40 in Software Composition Analysis (SCA)
    Views
    14,718
    Comparisons
    10,174
    Reviews
    8
    Average Words per Review
    455
    Rating
    7.6
    14th
    out of 40 in Software Composition Analysis (SCA)
    Views
    1,040
    Comparisons
    510
    Reviews
    1
    Average Words per Review
    105
    Rating
    8.0
    Comparisons
    Also Known As
    Blackduck Hub, Black Duck Protex, Black Duck Security Checker
    Sonatype Nexus Firewall, Nexus Firewall
    Learn More
    Synopsys
    Sonatype
    Overview

    Black Duck is a comprehensive solution for managing security, license compliance, and code quality risks that come from the use of open source in applications and containers. Named a leader in software composition analysis (SCA) by Forrester, Black Duck gives you unmatched visibility into third-party code, enabling you to control it across your software supply chain and throughout the application life cycle.

    Sonatype Repository Firewall is a cloud-based security solution designed to safeguard your software supply chain against malicious components. It operates by meticulously scanning and evaluating each new component against customized governance policies, thereby effectively identifying and blocking potential threats before they infiltrate your development pipeline. What sets Sonatype Repository Firewall apart is its user-friendly setup, seamless integration with existing workflows, and remarkable scalability, making it suitable for software development environments of any size. Key features include blocking malicious components through behavioral analysis, malware scanning, and vulnerability assessment, as well as the ability to enforce custom governance policies. By utilizing this tool, organizations can enhance their software supply chain security, mitigate risks related to supply chain attacks, bolster compliance with industry standards, and ultimately reduce costs associated with security incidents. 

    Sample Customers
    Samsung, Siemens, ScienceLogic, Noser Engineering AG, ClickFox, Dynatrace, CopperLeaf
    EDF, Tomitribe, Crosskey, Blackboard, Travel audience
    Top Industries
    REVIEWERS
    Manufacturing Company67%
    Computer Software Company17%
    Financial Services Firm17%
    VISITORS READING REVIEWS
    Financial Services Firm21%
    Manufacturing Company15%
    Computer Software Company15%
    Healthcare Company4%
    VISITORS READING REVIEWS
    Financial Services Firm33%
    Government8%
    Computer Software Company7%
    Manufacturing Company5%
    Company Size
    REVIEWERS
    Small Business32%
    Large Enterprise68%
    VISITORS READING REVIEWS
    Small Business15%
    Midsize Enterprise10%
    Large Enterprise75%
    VISITORS READING REVIEWS
    Small Business15%
    Midsize Enterprise11%
    Large Enterprise74%
    Buyer's Guide
    Black Duck vs. Sonatype Repository Firewall
    March 2024
    Free Report: Black Duck vs. Sonatype Repository Firewall
    Find out what your peers are saying about Black Duck vs. Sonatype Repository Firewall and other solutions. Updated: March 2024.
    DOWNLOAD NOW
    771,157 professionals have used our research since 2012.

    Black Duck is ranked 1st in Software Composition Analysis (SCA) with 19 reviews while Sonatype Repository Firewall is ranked 14th in Software Composition Analysis (SCA) with 3 reviews. Black Duck is rated 7.8, while Sonatype Repository Firewall is rated 8.4. The top reviewer of Black Duck writes "Enables applications to be secure, but it must provide more open APIs". On the other hand, the top reviewer of Sonatype Repository Firewall writes "You will get clean code every time, and that's a great achievement". Black Duck is most compared with Snyk, Fortify Static Code Analyzer, JFrog Xray, Mend.io and ShiftLeft, whereas Sonatype Repository Firewall is most compared with JFrog Xray, Cisco Secure Firewall, GitHub, Veracode and Sonatype Lifecycle. See our Black Duck vs. Sonatype Repository Firewall report.

    See our list of best Software Composition Analysis (SCA) vendors.

    We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.