We performed a comparison between Invicti and Sonatype Lifecycle based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Crawling feature: Netsparker has very detail crawling steps and mechanisms. This feature expands the attack surface."
"I like that it's stable and technical support is great."
"The scanner and the result generator are valuable features for us."
"The best features of Invicti are its ability to confirm access vulnerabilities, SSL injection vulnerabilities, and its connectors to other security tools."
"It has a comprehensive resulting mechanism. It is a one-stop solution for all your security testing mechanisms."
"The most valuable feature of Invicti is getting baseline scanning and incremental scan."
"This tool is really fast and the information that they provide on vulnerabilities is pretty good."
"High level of accuracy and quick scanning."
"The REST API is the most useful for us because it allows us to drive it remotely and, ideally, to automate it."
"Lifecycle lets developers see any vulnerabilities or AGPL license issues associated with code in the early stages of development. The nice thing is that it's built into the ID so that they can see all versions of a specific code."
"It's helped us free up staff time."
"When developers are consuming open-source libraries from the internet, it's able to automatically block the ones that are insecure. And it has the ability to make suggestions on the ones they should be using instead."
"When I started to install the Nexus products and started to integrate them into our development cycle, it helped us construct or fill out our development process in general. The build stage is a really good template for us and it helped establish a structure that we could build our whole continuous integration and development process around. Now our git repos are tagged for different build stages data, staging, and for release. That aligns with the Nexus Lifecycle build stages."
"The Software Security Center, which is often overlooked, stands out as the most effective feature."
"The most important features of the Sonatype Nexus Lifecycle are the vulnerability reports."
"The way we can define policies and apply those policies selectively across the different applications is valuable. We can define a separate policy for public-facing applications and a separate policy for the internal applications. That is cool."
"Asset scanning could be better. Once, it couldn't scan assets, and the issue was strange. The price doesn't fit the budget of small and medium-sized businesses."
"Reporting should be improved. The reporting options should be made better for end-users. Currently, it is possible, but it's not the best. Being able to choose what I want to see in my reports rather than being given prefixed information would make my life easier. I had to depend on the API for getting the content that I wanted. If they could fix the reporting feature to make it more comprehensive and user-friendly, it would help a lot of end-users. Everything else was good about this product."
"Maybe the ability to make a good reporting format is needed."
"The scanning time, complexity, and authentication features of Invicti could be improved."
"Invicti takes too long with big applications, and there are issues with the login portal."
"The solution needs to make a more specific report."
"The scanner itself should be improved because it is a little bit slow."
"Netsparker doesn't provide the source code of the static application security testing."
"The price can be improved."
"Since Nexus Repository just keeps on adding the .jar artifacts whenever there is a build, whenever an application is going up, there is always a space issue on the server. That is one of the things that we are looking for Nexus to notify us about: if it is running out of space."
"Not all languages are supported in Fortify."
"Improvement as per customer requirements."
"As far as the relationship of, and ease of finding the relationships between, libraries and applications across the whole enterprise goes, it still does that. They could make that a little smoother, although right now it's still pretty good."
"The user interface needs to be improved. It is slow for us. We use Nexus IQ mostly via APIs. We don't use the interface that much, but when we use it, certain areas are just unresponsive or very slow to load. So, performance-wise, the UI is not fast enough for us, but we don't use it that much anyway."
"One thing that it is lacking, one thing I don't like, is that when you label something or add a status to it, you do it as an overall function, but you can't go back and isolate a library that you want to call out individually and remove a status from it. It's still lacking some functionality-type things for controlling labels and statuses. I'd like to be able to apply it across all of my apps, but then turn it off for one, and I can't do that."
"Another feature they could use is more languages. Sonatype has been mainly a Java shop because they look after Maven Central... But we've slowly been branching out to different languages. They don't cover all of them, and those that they do cover are not as in-depth as we would like them to be."
Invicti is ranked 20th in Application Security Tools with 25 reviews while Sonatype Lifecycle is ranked 6th in Application Security Tools with 43 reviews. Invicti is rated 8.2, while Sonatype Lifecycle is rated 8.4. The top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". On the other hand, the top reviewer of Sonatype Lifecycle writes "Seamless to integrate and identify vulnerabilities and frees up staff time". Invicti is most compared with OWASP Zap, Acunetix, PortSwigger Burp Suite Professional, Qualys Web Application Scanning and Fortify WebInspect, whereas Sonatype Lifecycle is most compared with SonarQube, Black Duck, Fortify Static Code Analyzer, GitLab and Checkmarx One. See our Invicti vs. Sonatype Lifecycle report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.