We performed a comparison between Sonatype Lifecycle and Virsec Security Platform based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."The data quality is really good. They've got some of the best in the industry as far as that is concerned. As a result, it helps us to resolve problems faster. The visibility of the data, as well as their features that allow us to query and search - and even use it in the development IDE - allow us to remediate and find things faster."
"The report part is quite easy to read. The report part is very important to us because that is how we communicate to our security officer and the security committee. Therefore, we need to have a complete report that we can generate and pass onto them for review."
"The component piece, where you can analyze the component, is the most valuable. You can pull the component up and you can look at what versions are bad, what versions are clean, and what versions haven't been reported on yet. You can make decisions based off of that, in terms of where you want to go. I like that it puts all that information right there in a window for you."
"Automating the Jenkins plugins and the build title is a big plus."
"The policy engine is really cool. It allows you to set different types of policy violations, things such as the age of the component and the quality: Is it something that's being maintained? Those are all really great in helping get ahead of problems before they arise. You might otherwise end up with a library that's end-of-life and is not going to get any more fixes."
"What's really nice about that is it shows a graph of all the versions for that particular component, and it marks out the ones that have a vulnerability and the ones that don't have a vulnerability."
"The proxy repository is probably the most valuable feature to us because it allows us to be more proactive in our builds. We're no longer tied to saving components to our repository."
"The quality or the profiles that you can set are most valuable. The remediation of issues that you can do and how the information is offered is also valuable."
"We use the solution for Zero-day protection."
"The team managing Nexus Lifecycle reported that their internal libraries were not being identified, so they have asked Sonatype's technical team to include that in the upcoming version."
"The solution is not an SaaS product."
"The biggest thing is getting it put uniformly across all the different teams. It's more of a process issue. The process needs to be thought out about how it's going to be used, what kind of training there will be, how it's going to be socialized, and how it's going to be rolled out and controlled, enterprise-wide. That's probably more of a challenge than the technology itself."
"We got a lot of annotations for certain libraries when it comes to Java, but my feeling, and the feeling of a colleague as well, is that we don't get as many for critical libraries when it comes to .NET, as if most of them are really fine... It would be good if Sonatype would check the status of annotations for .NET packages."
"In terms of features, the reports natively come in as PDF or JSON. They should start thinking of another way to filter their reports. The reporting tool used by most enterprises, like Splunk and Elasticsearch, do not work as well with JSON."
"As far as the relationship of, and ease of finding the relationships between, libraries and applications across the whole enterprise goes, it still does that. They could make that a little smoother, although right now it's still pretty good."
"Nexus Lifecycle is multiple products. One drawback I've noticed is that there are some differences in the features between the products within Lifecycle. They need to maintain the same structure, but there are some slight differences."
"It's the right kind of tool and going in the right direction, but it really needs to be more code-driven and oriented to be scaled at the developer level."
"The tool's dashboard needs to load since it is not responsive and takes time to load."
Sonatype Lifecycle is ranked 6th in Application Security Tools with 42 reviews while Virsec Security Platform is ranked 35th in Application Security Tools with 1 review. Sonatype Lifecycle is rated 8.4, while Virsec Security Platform is rated 7.0. The top reviewer of Sonatype Lifecycle writes "Seamless to integrate and identify vulnerabilities and frees up staff time". On the other hand, the top reviewer of Virsec Security Platform writes "Helps with Zero-day protection ". Sonatype Lifecycle is most compared with SonarQube, Black Duck, Fortify Static Code Analyzer, GitLab and Checkmarx One, whereas Virsec Security Platform is most compared with CrowdStrike Falcon Cloud Security, CrowdStrike Falcon and Trend Vision One - Cloud Security.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.