Sonatype Nexus Lifecycle Review

Easy to configure and integrate, it has helped us address security and access issues

What is our primary use case?

The solution is mainly providing security, as well as creating threshold values. In terms of dependencies, it helps us with which ones are used and which are not, which need to be kept, which do not need to be kept.

How has it helped my organization?

We have reduced a lot of security access issues. For example, we can restrict user access level for the baseline of our organization's security.

Right now we are using it in Jenkins, it's open-source and it has very good restrictive policies. We are now moving into Bamboo. It has not been completely implemented in production, but we have started on it.

What is most valuable?

  • Easy to handle and easy to configure
  • User-friendly 
  • Easy to map and easy to integrate 
  • Easy to update 
  • Fulfills a lot of security purposes

It has all the features we need.

What needs improvement?

The only thing I can say is that sometimes we face difficulties with Maven Central. We are integrating everything with that, as a repository. If Maven Central changes something in its versions... For example, if I'm using the 1.0.0 version, after one or two years, the 1.0.0 version will be gone from Maven Central but our team will still be using that 1.0.0 version to build. When they do builds, it won't build completely because that version is gone from Maven Central. There is a difference in our Sonatype Maven Central. That is the only issue I have seen so far. If an old version is gone, it's not able to use it anymore. Is there any way we can keep the old versions in our local repository instead of in Maven Central?

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

The stability is great.

What do I think about the scalability of the solution?

I would rate the scalability at eight out of ten.

How are customer service and technical support?

It's easy to solve issues and their support team is very helpful when I need help. They are able to give us solutions just like that, with a quick response. That is the beauty of their team. I like it. I rate technical support at nine out of ten. It's awesome the way they explain things to us, the way they email and send documentation.

Which solution did I use previously and why did I switch?

We are looking back almost five years. We used a lot of IBM products and we used in-house products. With them, we were able to directly copy the dependencies we had in Maven Central to our local repositories.

How was the initial setup?

We always us global setups. We use settings from XML files and we configure all of our repositories at a single, global repository in Nexus. We can just reference that URL and Nexus will report to our second XML file. That way, all the developers can use the same second XML file for extracting the different names or uploading the new Nexus stuff.

The deployment was very quick, it only took two or three minutes.

What's my experience with pricing, setup cost, and licensing?

The licensing is okay. Compared to IBM, Sonatype is good.

What other advice do I have?

There are demo licenses so ask them for one to try the solution. They will get back to you for sure. I would tell others how easy and how good the product is, and how easily they can implement, integrate it, and secure it. I refer this product to most of my colleagues and friends.

We integrated with Nexus IQ. The Sonatype people visited us three or four times. They explained to us how to use it, how Sonatype works, as well as the best features. They explained everything briefly and gave me the best examples and features and comparisons with other companies; how they're using it and how we could improve our organization. I liked that.

We have about 300 developers using it in our organization and they just use our global configuration files. They don't know what is going on in the background, it's completely infrastructure-driven. We used to give them instructions on how to use Nexus and how to check their security levels. Staff for deployment and maintenance includes six people in our team. Two are in the US and four are offshore in India. It's a 24/7 process so we need to cover everything.

We do have plans to increase usage, but that's not my role.

The solution is awesome, the way they have implemented it, the way they help us know what is good. We haven't found any difficulties.

Overall, I give the solution a nine out of ten. It's a very user-friendly product and it is very easy to integrate with any other products. It's more reliable and more securable.

**Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
More Sonatype Nexus Lifecycle reviews from users
...who work at a Financial Services Firm
...who compared it with Black Duck
Learn what your peers think about Sonatype Nexus Lifecycle. Get advice and tips from experienced pros sharing their opinions. Updated: July 2021.
521,637 professionals have used our research since 2012.
Add a Comment
ITCS user