TrustRadius

Sonatype Vulnerability Scanner
Formerly DepShield

Overview

What is Sonatype Vulnerability Scanner?

Sonatype Vulnerability Scanner (formerly DepShield) discovers vulnerabilities among the open source components and code in an application. It is available free and open source.


Pricing

Entry-level setup fee?

  • No setup fee

For the latest information on pricing, visit https://www.sonatype.com/products/vulne…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Alternatives Pricing

What is Snyk?

Snyk’s Developer Security Platform automatically integrates with a developer’s workflow and helps security teams to collaborate with their development teams. It boasts a developer-first approach that ensures organizations can secure all of the critical components of their applications from code to…

What is Sonatype Platform?

Sonatype secures the software supply chain and protects organizations' vital software development lifecycle (SDLC). The platform unites security teams and developers to accelerate digital innovation without sacrificing security or quality across the SDLC. With users among more than 2,000…

Product Details

The tool produces a comprehensive Software Bill of Materials (SBOM). The first step in protecting an application is knowing exactly which open source components are in use and where, and the SBOM provides that inventory. The results outline any policy violations, security issues, and license findings in the application, so the user can judge the severity of its open source risk.

The solution can be downloaded and used as a JAR file, or it is available as the Sonatype Vulnerability Scanner online.

Sonatype Vulnerability Scanner Technical Details

Deployment Types: On-premise, Software as a Service (SaaS), Cloud, or Web-Based
Operating Systems: (not listed)
Mobile Application: No

Reviews and Ratings (1)

Score 10 out of 10
Vetted Review
Verified User
Incentivized
Scanning of open source components in our applications. We scan for license usage, security issues and software component quality. We run the Sonatype Nexus Vulnerability Scanner as part of the build process to ensure that all applications running in production meet the license, security and quality requirements. We also use the continuous monitoring to ensure that we stay up to date should any security vulnerability be found.
  • Accuracy of data
  • Supported Language
  • Scan Time
  • Cloud offering
  • Integration to Atlassian JIRA
Well suited for organizations with a small application security team, as the solution scales and is easy for devs to use. The only choice if you develop in Java, as their data is the most accurate.
  • Integration into existing tooling
  • Accuracy of data
  • Meet compliance requirements for managing third party software vulnerabilities
  • Picking good components from the beginning