Sonatype Repository Firewall Reviews

Name: Sonatype Repository Firewall
Brand: Sonatype
Rating: 4.2 (3 reviews)

4.2 out of 5

3 reviews
100% willing to recommend

357 followers

What is Sonatype Repository Firewall?

Sonatype Repository Firewall is a cloud-based security solution designed to safeguard your software supply chain against malicious components. It operates by meticulously scanning and evaluating each new component against customized governance policies, thereby effectively identifying and blocking potential threats before they infiltrate your development pipeline. What sets Sonatype Repository Firewall apart is its user-friendly setup, seamless integration with existing workflows, and remarkable scalability, making it suitable for software development environments of any size. Key features include blocking malicious components through behavioral analysis, malware scanning, and vulnerability assessment, as well as the ability to enforce custom governance policies. By utilizing this tool, organizations can enhance their software supply chain security, mitigate risks related to supply chain attacks, bolster compliance with industry standards, and ultimately reduce costs associated with security incidents.

Get the Application Security Tools Buyer's Guide and find out what your peers are saying about Sonatype Repository Firewall, SonarQube Server (formerly SonarQube), Cisco Secure Firewall and more!

Sonatype Repository Firewall is the #16 ranked solution in top Software Composition Analysis (SCA) solutions and #34 ranked solution in application security solutions. PeerSpot users give Sonatype Repository Firewall an average rating of 8.4 out of 10. Sonatype Repository Firewall is most commonly compared to SonarQube Server (formerly SonarQube): Sonatype Repository Firewall vs SonarQube Server (formerly SonarQube). Sonatype Repository Firewall is popular among the large enterprise segment, accounting for 74% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 32% of all views.

Buyer's Guide

Application Security Tools

October 2024

Get the category report

Helped 815,835 peers since 2012

Featured reviews

Ashish Shukla

Global Treasurer at Genpact

For the QA team, it's a really good tool. For those who are not on the QA team, it is also a good tool to use for SDL in the SDLC. It plays a very critical role of doing the automatic quality check recommendation. Meaning, when using this tool, people can easily rectify the issues in the environment itself, instead of going to a higher environment and identifying them. This tool is quite easy to use and learn. We decided that there was no need to hire anyone new who would specialize in this. We had a team of about five to ten people who learned how to use this tool. There are some other automation tools like Jenkins, for example, that require a lot of effort to configure and write out the code, but you do not need to do such for this tool. I thought outside of the box and saw that there are many options available to us when using this tool. The plugins are there, you can download and use the tool at ease and you do not need to do any kind of development. Overall, it’s quite easy to use.

Read full review

reviewer1534461

Senior Cyber Security Architect and Engineer at Microsoft

The Nexus Firewall itself, with its sheer ability to ensure that you're downloading safe code, is a big win for our environment. Another thing that I like about Sonatype is that if you download something today, and five days from today it becomes vulnerable, it will notify you. When you go to the IQ Server dashboard, it will tell you, "Version 1.2 is not good. You should upgrade it to version 1.3." You have that visibility, and you can whitelist things based on your business justification, and you can add notes in there as well. In terms of securing our software supply chain, what we're trying to do is set things up so that they're upstream from our developers' work stations. Aside from downloading the code safely through Sonatype, a second way is by pushing our developers' code into a repository and Sonatype will do the security evaluation. You can use it as a hosted repository, versus using ADO which does not provide security evaluation and scanning. It helps bring open source intelligence and policy enforcement across our SDLC.

Read full review

reviewer2163405

Student at a university with 51-200 employees

The product helps with vulnerability and security assessment. It also helps with assessment at the configuration level. The product's network and intrusion protection features are valuable. It also has rules and compliance features for security. The tool needs to improve its file systems. The…

Read full review

Sonatype Repository Firewall mindshare

Product category:

As of November 2024, the mindshare of Sonatype Repository Firewall in the Application Security Tools category stands at 0.3%, up from 0.3% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Application Security Tools

Key learnings from peers

Valuable Features

"The product's network and intrusion protection features are valuable. It also has rules and compliance features for security."
"Another thing that I like about Sonatype is that if you download something today, and five days from today it becomes vulnerable, it will notify you."

Room for Improvement

"The tool needs to improve its file systems. The product should also include zero test feature."
"What I don't like is the lack of an option to pick up the phone and call someone for support. That is something they need to improve on. They need to have a professional services package, or they need to include that option with their services."