Gizem MercanCloud Architect at a manufacturing company
Ryan CarrieSecurity Analyst at a computer software company
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"I think that we pay approximately $100 USD per month."
"The price is okay."
"It seems reasonable. Our IT team manages the licenses."
"Its price is fine. It is on the cheaper side and not expensive. You have to pay additionally for GitLab CI/CD minutes. Initially, we used the free version. When we ran out of GitLab minutes, we migrated to the paid version."
"Pricing is comparable with some of the other products. We are happy with the pricing."
"The price is good. We certainly get a lot more in return. However, it's also hard to get the funds to roll out such a product for the entire firm. Therefore, pricing has been a limiting factor for us. However, it's a fair price."
"The license fee may be a bit harder for startups to justify. But it will save you a headache later as well as peace of mind. Additionally, it shows your own customers that you value security stuff and will protect yourselves from any licensing issues, which is good marketing too."
"In addition to the license fee for IQ Server, you have to factor in some running costs. We use AWS, so we spun up an additional VM to run this. If the database is RDS that adds a little bit extra too. Of course someone could run it on a pre-existing VM or physical server to reduce costs. I should add that compared to the license fee, the running costs are so minimal they had no effect on our decision to use IQ Server."
"Pricing is decent. It's not horrible. It's middle-of-the-road, as far as our ranking goes. They're a little bit more but that's also because they provide more."
"Lifecycle, to the best of my recollection, had the best pricing compared with other solutions."
"Cost is a drawback. It's somewhat costly."
"It's expensive, but you get what you pay for. There were no problems with the base license and how they do it. It was transparent. You don't have to worry. You can scan to your heart's delight."
Earn 20 points
At Accurics™, we envision a world where organizations can innovate in the cloud with confidence. Our mission is to enable cyber resilience through self-healing as organizations embrace cloud native infrastructure. The Accurics platform self-heals cloud native infrastructure by codifying security throughout the development lifecycle. It programmatically detects and resolves risks across Infrastructure as Code before infrastructure is provisioned, and maintains the secure posture in runtime by programmatically mitigating risks from changes. Accurics enables organizations of all sizes to achieve cloud cyber resilience through free cloud-based and open source tools such as Terrascan™.
GitLab is a single application with features for the whole software development and operations (DevOps) lifecycle.
Nexus Lifecycle gives you full control over your software supply chain and allows you to define rules, actions, and policies that work best for your organization and teams.
GitLab is ranked 4th in Software Composition Analysis (SCA) with 12 reviews while Sonatype Nexus Lifecycle is ranked 1st in Software Composition Analysis (SCA) with 18 reviews. GitLab is rated 8.4, while Sonatype Nexus Lifecycle is rated 8.6. The top reviewer of GitLab writes "Provides or mandates quantitative code into the Master". On the other hand, the top reviewer of Sonatype Nexus Lifecycle writes "Checks our libraries for security and licensing issues". GitLab is most compared with Microsoft Azure DevOps, Tekton, TeamCity, Bamboo and GoCD, whereas Sonatype Nexus Lifecycle is most compared with SonarQube, Black Duck, WhiteSource, JFrog Xray and Veracode Software Composition Analysis. See our GitLab vs. Sonatype Nexus Lifecycle report.
See our list of best Software Composition Analysis (SCA) vendors.
We monitor all Software Composition Analysis (SCA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.