TrustRadius: an HG Insights company

Sonatype Vulnerability Scanner

Score: 9.1 out of 10

1 review and rating

What is Sonatype Vulnerability Scanner?

Sonatype Vulnerability Scanner (formerly DepShield) discovers vulnerability among open source components and code in an application. It is available free and open source.

An SCA Product You Can Trust

Use Cases and Deployment Scope

Scanning of open source components in our applications. We scan for license usage, security issues and software component quality. We run the Sonatype Nexus Vulnerability Scanner as part of the build process to ensure that all applications running in production meet the license, security and quality requirements. We also use the continuous monitoring to ensure that we stay up to date should any security vulnerability be found.

Pros

  • Accuracy of data
  • Supported languages
  • Scan Time

Cons

  • Cloud offering
  • Integration with Atlassian JIRA

Most Important Features

  • Integration into existing tooling
  • Accuracy of data

Return on Investment

  • Meet compliance requirements for managing third-party software vulnerabilities
  • Picking good components from the beginning