We performed a comparison between Sonatype Lifecycle and Spirent CyberFlood based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Sonatype support is quite responsive. When we needed something, we could reach out and set up a meeting. They provide the best support possible."
"Some of the more profound features include the REST APIs. We tend to make use of those a lot. They also have a plugin for our CI/CD; we use Jenkins to do continuous integration, and it makes our pipeline build a lot more streamlined. It integrates with Jenkins very well."
"The key feature for Nexus Lifecycle is the proprietary data they have on vulnerabilities. The way that they combine all the different sources and also their own research into one concise article that clearly explains what the problem is. Most of the time, and even if you do notice that you have a problem, the public information available is pretty weak. So, if we want to assess if a problem applies to our product, it's really hard. We need to invest a lot of time digging into the problem. This work is basically done by Sonatype for us. The data that it delivers helps us with fixing or understanding the issue a lot quicker than without it."
"Due to the sheer amount of vulnerabilities and the fact that my company is still working on eliminating all vulnerabilities, it's still too early for me to say what I like most about Sonatype Nexus Lifecycle. Still, one of the best functions of the product is the guidance it gives in finding which components or applications have vulnerabilities. For example, my team had a vulnerability or a CVE connected to Apache last week. My team couldn't find which applications had the vulnerability initially, but using Sonatype Nexus Lifecycle helped. My team deployed new versions on that same day and successfully eliminated the vulnerabilities, so right now, the best feature of Sonatype Nexus Lifecycle is finding which applications have vulnerabilities."
"The component piece, where you can analyze the component, is the most valuable. You can pull the component up and you can look at what versions are bad, what versions are clean, and what versions haven't been reported on yet. You can make decisions based off of that, in terms of where you want to go. I like that it puts all that information right there in a window for you."
"The application onboarding and policy grandfathering features are good and the solution integrates well with our existing DevOps tools."
"We really like the Nexus Firewall. There are increasing threats from npm, rogue components, and we've been able to leverage protection there. We also really like being able to know which of our apps has known vulnerabilities."
"Automating the Jenkins plugins and the build title is a big plus."
"CyberFlood's best features are its user-friendliness and scheduling function."
"CyberFlood is flexible."
"The feature I find most valuable is the traffic generator."
"Our customers use it to check for unauthorized file transfer."
"The team managing Nexus Lifecycle reported that their internal libraries were not being identified, so they have asked Sonatype's technical team to include that in the upcoming version."
"The reporting capability is good but I wish it was better. I sent the request to support and they raised it as an enhancement within the system. An example is filtering by version. If I have a framework that is used in all applications, but version 1 is used in 50 percent of them and version 2 in 25 percent, they will show as different libraries with different usage. But in reality, they're all using one framework."
"We got a lot of annotations for certain libraries when it comes to Java, but my feeling, and the feeling of a colleague as well, is that we don't get as many for critical libraries when it comes to .NET, as if most of them are really fine... It would be good if Sonatype would check the status of annotations for .NET packages."
"The price can be improved."
"If there is something which is not in Maven Central, sometimes it is difficult to get the right information because it's not found."
"The biggest thing is getting it put uniformly across all the different teams. It's more of a process issue. The process needs to be thought out about how it's going to be used, what kind of training there will be, how it's going to be socialized, and how it's going to be rolled out and controlled, enterprise-wide. That's probably more of a challenge than the technology itself."
"In the beginning, we sometimes struggle to access the customer environment. The customer must issue the required certificates because many customers use cell phone certificates, and Sonatype needs a valid CA certificate."
"It would be helpful if it had a more detailed view of what has been quarantined, for people who don't have Lifecycle licenses. Other than that, it's pretty good."
"The solution needs more ports, more speed, and more gigabytes."
"CyberFlood's accessibility and support for multiple browsers could be better."
"I would also like to see updates on a more frequent schedule."
"Sometimes, when you configure parameters the hardware can't run, it will get stuck at those points without telling you what happened. It would be helpful if the error reporting provided more details about why the test setting is not running. It would be nice if there were a space in the hardware module for you to add some external hardware for more rigorous testing."
Sonatype Lifecycle is ranked 6th in Application Security Tools with 42 reviews while Spirent CyberFlood is ranked 33rd in Application Security Tools with 4 reviews. Sonatype Lifecycle is rated 8.4, while Spirent CyberFlood is rated 8.4. The top reviewer of Sonatype Lifecycle writes "Seamless to integrate and identify vulnerabilities and frees up staff time". On the other hand, the top reviewer of Spirent CyberFlood writes "I like the solution's flexibility". Sonatype Lifecycle is most compared with SonarQube, Black Duck, Fortify Static Code Analyzer, GitLab and Checkmarx One, whereas Spirent CyberFlood is most compared with Ixia BreakingPoint and Ixia BreakingPoint VE. See our Sonatype Lifecycle vs. Spirent CyberFlood report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.