Sonatype Repository Firewall Valuable Features

Ashish Shukla - PeerSpot reviewer
Global Treasurer at Genpact

For the QA team, it's a really good tool.

For those who are not on the QA team, it is also a good tool to use for SDL in the SDLC. It plays a very critical role in doing automatic quality check recommendations. Meaning, when using this tool, people can easily rectify the issues in the environment itself, instead of going to a higher environment and identifying them.

This tool is quite easy to use and learn. We decided that there was no need to hire anyone new who would specialize in this. We had a team of about five to ten people who learned how to use this tool. There are some other automation tools like Jenkins, for example, that require a lot of effort to configure and write out the code, but you do not need to do that for this tool. I thought outside of the box and saw that there are many options available to us when using this tool. The plugins are there, you can download and use the tool with ease, and you do not need to do any kind of development. Overall, it's quite easy to use.

UJ
Senior Cyber Security Architect and Engineer at a computer software company with 10,001+ employees

The Nexus Firewall itself, with its sheer ability to ensure that you're downloading safe code, is a big win for our environment.

Another thing that I like about Sonatype is that if you download something today, and five days from today it becomes vulnerable, it will notify you.

When you go to the IQ Server dashboard, it will tell you, "Version 1.2 is not good. You should upgrade it to version 1.3." You have that visibility, and you can whitelist things based on your business justification, and you can add notes in there as well.

In terms of securing our software supply chain, what we're trying to do is set things up so that they're upstream from our developers' workstations. Aside from downloading the code safely through Sonatype, a second way is by pushing our developers' code into a repository, and Sonatype will do the security evaluation. You can use it as a hosted repository, versus using ADO, which does not provide security evaluation and scanning. It helps bring open source intelligence and policy enforcement across our SDLC.

KN
Student at a university with 51-200 employees

The product's network and intrusion protection features are valuable. It also has rules and compliance features for security.
