When I started to install the Nexus products and integrate them into our development cycle, it helped us construct, or fill out, our development process in general. The build stage is a really good template for us, and it helped establish a structure that we could build our whole continuous integration and development process around. Now our git repos are tagged for the different build stages: data, staging, and release. That aligns with the Nexus Lifecycle build stages.
From the software composition analysis perspective, it first makes sure that we understand what is happening from a third-party perspective for the particular product that we use. This is very difficult when you are building software and incorporating dependencies from other libraries, because those dependencies have dependencies, and that chain of dependencies can go pretty deep. There could be a vulnerability in something that is seven layers deep, and it would be very difficult to understand that it is even affecting us. Therefore, Snyk provides fantastic visibility to know, "Yes, we have a problem. Here is where it ultimately comes from." It may not be with what we're incorporating, but something much deeper than that.
The most valuable feature is the unified JAR to scan for all languages (wss-scanner jar).
The reporting capability gives us the option to generate an open-source license report in a single click, which gets all copyright and license information, including dependencies.
The solution works well on Mac products.
The stability is okay.
It speeds up our development; it's faster, safer, and more convenient.
A user-friendly solution.
The most valuable feature is the dynamic application security testing.
The article scanning is excellent.
Their CLI tool is very efficient. It does not send your source code over to their servers. It just does fingerprinting. It is also very easy to integrate into software development practices.