Compare Black Duck vs. Sonatype Nexus Lifecycle

Find out what your peers are saying about Black Duck vs. Sonatype Nexus Lifecycle and other solutions. Updated: September 2020.
442,845 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
"It highlights what the developers have done, and it shows the impact from an intellectual property point of view."
"I like the fact that the product auto analyzes components."
"The stability is okay."
"The solution works well on Mac products."


"When developers are consuming open-source libraries from the internet, it's able to automatically block the ones that are insecure. And it has the ability to make suggestions on the ones they should be using instead."
"It's online, which means if a change is made to the Nexus database today, or within the hour, my developers will benefit instantly. The security features are discovered continuously. So if Nexus finds out that a library is no longer safe, they just have to flag it and, automatically, my developers will know."
"There is a feature called Continuous Monitoring. As time goes on we'll be able to know whether a platform is still secure or not because of this feature."
"The most valuable feature is that I get a quick overview of the libraries that are included in the application, and the issues that are connected with them. I can quickly understand which problems there are from a security point of view or from a licensing point of view. It's quick and very exact."
"It was very easy to integrate into our build pipeline, with Jenkins and Nexus Repository as the central product."
"Among its valuable features, it's easy to handle and easy to configure, it's user-friendly, and it's easy to map and integrate."
"It scans and gives you a low false-positive count... The reason we picked Lifecycle over the other products is, while the other products were flagging stuff too, they were flagging things that were incorrect. Nexus has low false-positive results, which give us a high confidence factor."
"What's really nice about that is it shows a graph of all the versions for that particular component, and it marks out the ones that have a vulnerability and the ones that don't have a vulnerability."


Cons
"I would like to see more integration with other solutions, such as IntelliJ IDEA."
"The scanner client is limited by the size of software it can handle."
"It needs to be more user-friendly for developers and in general, to ensure compliance."
"We're not too sure about the extension of the firewall. It never shows up in the Hub."


"They could do with making more plugins for the more common integration engines out there. Right now, it supports automation engine by Jenkins but it doesn't fully support something like TeamCity."
"In terms of features, the reports natively come in as PDF or JSON. They should start thinking of another way to filter their reports. The reporting tools used by most enterprises, like Splunk and Elasticsearch, do not work as well with JSON."
"If there is something which is not in Maven Central, sometimes it is difficult to get the right information because it's not found."
"If you look at NPM-based applications, JavaScript, for example, these are only checkable via the build pipeline. You cannot upload the application itself and scan it, as is possible with Java, because a file could change significantly."
"Sometimes we face difficulties with Maven Central... if I'm using the 1.0.0 version, after one or two years, the 1.0.0 version will be gone from Maven Central but our team will still be using that 1.0.0 version to build. When they do builds, it won't build completely because that version is gone from Maven Central. There is a difference in our Sonatype Maven Central."
"We created the Wiki page for each team showing an overview of their outstanding security issues because the Lifecycle reporting interface isn't as intuitive. It is good for people on my team who use it quite often. But for a tech engineer who doesn't interact with it regularly, it's quite confusing."
"Another feature they could use is more languages. Sonatype has been mainly a Java shop because they look after Maven Central... But we've slowly been branching out to different languages. They don't cover all of them, and those that they do cover are not as in-depth as we would like them to be."
"The biggest thing is getting it put uniformly across all the different teams. It's more of a process issue. The process needs to be thought out about how it's going to be used, what kind of training there will be, how it's going to be socialized, and how it's going to be rolled out and controlled, enterprise-wide. That's probably more of a challenge than the technology itself."


Pricing and Cost Advice
"Depending on the use case, the cost could range from $10,000 USD to $70,000 USD."
"The price is quite high because the behavior of the software during the scan is similar to competing products."


"Its pricing is competitive within the market. It's not very cheap, it's not very expensive."
"We're pretty happy with the price, for what it is delivering for us and the value we're getting from it."
"Pricing is comparable with some of the other products. We are happy with the pricing."
"The price is good. We certainly get a lot more in return. However, it's also hard to get the funds to roll out such a product for the entire firm. Therefore, pricing has been a limiting factor for us. However, it's a fair price."
"Our licensing costs are on an annual basis. The Sonatype licensing model is transparent with no hidden costs or holes."
"The license fee may be a bit harder for startups to justify. But it will save you a headache later as well as peace of mind. Additionally, it shows your own customers that you value security stuff and will protect yourselves from any licensing issues, which is good marketing too."
"In addition to the license fee for IQ Server, you have to factor in some running costs. We use AWS, so we spun up an additional VM to run this. If the database is RDS that adds a little bit extra too. Of course someone could run it on a pre-existing VM or physical server to reduce costs. I should add that compared to the license fee, the running costs are so minimal they had no effect on our decision to use IQ Server."
"Pricing is decent. It's not horrible. It's middle-of-the-road, as far as our ranking goes. They're a little bit more but that's also because they provide more."


Questions from the Community
Top Answer: I like the fact that the product auto analyzes components.
Top Answer: There are some features that cost extra but we don't use them because I'm not sure there's added value. The product is not cheap. There are several methods of payment - by product, by scale, or by…
Top Answer: In terms of improvement, there are several areas. The scanner client is limited by the size of software it can handle. If you're scanning software larger than five gigs, it needs to be split and is…
Top Answer: The report part is quite easy to read. The report part is very important to us because that is how we communicate to our security officer and the security committee. Therefore, we need to have a…
Top Answer: Our licensing costs are on an annual basis. The Sonatype licensing model is transparent with no hidden costs or holes.
Top Answer: One thing that I would like to give feedback on is to scan the binary code. It's very difficult to find. It's under organization and policies where there are action buttons that are not very obvious…
Ranking
                            Black Duck    Sonatype Nexus Lifecycle
Views                           11,976                      14,275
Comparisons                      8,671                       7,746
Reviews                              3                          22
Average Words per Review           863                       1,759
Avg. Rating                        6.7                         8.7
Also Known As
Black Duck: Blackduck Hub, Black Duck Protex, Black Duck Security Checker
Sonatype Nexus Lifecycle: Nexus Lifecycle
Vendor
Black Duck: Synopsys
Sonatype Nexus Lifecycle: Sonatype
Overview

Black Duck Hub is the leading platform for automated license compliance and open source security. Black Duck Hub helps security and development teams identify and mitigate open source-related risks across their application portfolio, while incorporating the functionality of Protex license compliance.

Nexus Lifecycle gives you full control over your software supply chain and allows you to define rules, actions, and policies that work best for your organization and teams.

Sample Customers
Black Duck: Samsung, Siemens, ScienceLogic, Noser Engineering AG, ClickFox, Dynatrace, CopperLeaf
Sonatype Nexus Lifecycle: Genome.One, Blackboard, Crediterform, Crosskey, Intuit, Progress Software, Qualys, Liberty Mutual Insurance
Top Industries
Black Duck (visitors reading reviews): Computer Software Company 45%, Comms Service Provider 13%, Manufacturing Company 8%, Financial Services Firm 5%
Sonatype Nexus Lifecycle (reviewers): Financial Services Firm 37%, Insurance Company 21%, Computer Software Company 11%, Transportation Company 5%
Sonatype Nexus Lifecycle (visitors reading reviews): Computer Software Company 34%, Comms Service Provider 12%, Financial Services Firm 10%, Insurance Company 7%
Company Size
Black Duck: No Data Available
Sonatype Nexus Lifecycle (reviewers): Small Business 25%, Midsize Enterprise 17%, Large Enterprise 58%
Sonatype Nexus Lifecycle (visitors reading reviews): Small Business 18%, Midsize Enterprise 10%, Large Enterprise 73%
Black Duck is ranked 4th in Software Composition Analysis (SCA) with 4 reviews while Sonatype Nexus Lifecycle is ranked 1st in Software Composition Analysis (SCA) with 22 reviews. Black Duck is rated 6.6, while Sonatype Nexus Lifecycle is rated 8.8. The top reviewer of Black Duck writes "Useful for determining the health of applications that contain open source components". On the other hand, the top reviewer of Sonatype Nexus Lifecycle writes "Checks our libraries for security and licensing issues". Black Duck is most compared with WhiteSource, Snyk, JFrog Xray, Veracode Software Composition Analysis and FOSSA, whereas Sonatype Nexus Lifecycle is most compared with SonarQube, WhiteSource, JFrog Xray, Veracode and Checkmarx. See our Black Duck vs. Sonatype Nexus Lifecycle report.


We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.