Sonatype Nexus Lifecycle Competitors and Alternatives

Get our free report covering SonarSource, Synopsys, WhiteSource, and other competitors of Sonatype Nexus Lifecycle. Updated: January 2021.
455,164 professionals have used our research since 2012.

Read reviews of Sonatype Nexus Lifecycle competitors and alternatives

Andy Cox
Product Strategy Group Director at Civica
Real User
Top 5 Leaderboard
Mar 3, 2020
Helps our developers be aware of duplicate components in their code, but .NET open-source licensing recognition needs work

What is our primary use case?

We have two use cases. We're predominantly a products company and we scan our products, in a controlled way, to make sure they're not using open-source software. We want to make sure that we're licensed correctly for our products and the way they are deployed. There are also security reasons for making sure that our products aren't introducing vulnerabilities and, if they are, that we can address them. And part of our business is that we build bespoke software. Some of our customers want to make sure that the open-source software is being used correctly in the software we build for them. And…

Pros and Cons

  • "For us, it's seeing not only the licensing and security vulnerabilities but also seeing the age of the open-sources included within our software. That allows us to take proactive steps to make sure we're updating the software to versions that are regularly maintained and that don't have any vulnerabilities."
  • "We use Azure DevOps as our application lifecycle management tool. It doesn't integrate with that as well as it does with other tools at the moment, but I think there's work being done to address that. In terms of IDEs, it integrates well. We would like to integrate it into our Azure cloud deployment but the integration with Azure Active Directory isn't quite as slick as we would like it to be. We have to do some workarounds for that at the moment."

What other advice do I have?

I would definitely recommend understanding what you're trying to achieve. For us it's quite clear that we want, for the moment, to protect our IP and to identify security vulnerabilities. If the understanding is that you want to protect against open-source from coming into your products in the first place, or you're doing greenfield development, look at the right product stack from Sonatype to make sure that you're choosing the right set of products. We've got a mature product base that we're working with. If you're starting from scratch, you would want to assess what you're trying to get out…
Wes Kanazawa
Sr. DevOps Engineer at Primerica
Real User
Top 5 Leaderboard
Mar 3, 2020
Enables our developers to proactively select components that don't have a vulnerability or a licensing issue

What is our primary use case?

We're using it to change the way we do our open-source. We used to actually save our open-source and now we're moving towards a firewall approach where we are proxying to Maven repos or NPM repos, and we are using those proxies so that we can keep ourselves from pulling in known bad components at build time. We're able to be more proactive on our builds.

Pros and Cons

  • "The proxy repository is probably the most valuable feature to us because it allows us to be more proactive in our builds. We're no longer tied to saving components to our repository."
  • "It would be helpful if it had a more detailed view of what has been quarantined, for people who don't have Lifecycle licenses. Other than that, it's pretty good."

What other advice do I have?

My advice would be to use it as soon as you can. Get it implemented into your environment as quickly as you can because it's going to help. Once you get it, get your devs on it because they're going to thank you for it. All of our development is happening using the firewall. All our build pipelines are going through there. As far as licensed users go who can look at Nexus, we've got about 35. They range from devs to security personnel to DevOps people. All our applications are moving over to it, so that's definitely going to increase the usage. We've got about another 200 applications on the…