Sonatype Nexus Lifecycle Other Solutions Considered

EdwinKwan
Security Team Lead at Tyro Payments Limited
We did a PoC with a few companies and we picked Sonatype and we've been happy with them since. We looked at Black Duck, and we also look at the free version, the OWASP, a dependency checker. We also looked at Veracode. The difference between Sonatype and the competitors is the accuracy. But having said that, I'm not too sure how Lifecycle compares to Black Duck. I know Black Duck is pretty good too. The main difference between Lifecycle and Black Duck for us was the price point. View full review »
ColinStandish
Project Manager at a hospitality company with 10,001+ employees
We didn't look at any of the competing products at the time because we were happy with what we're getting from the open-source product. And we were happy with the conversation that we had with Sonatype around their Lifecycle enterprise product. So we went with that. View full review »
ConfigManag73548
Configuration Manager at a health, wellness and fitness company with 5,001-10,000 employees
There's SonarQube which does static code analysis, but not at the level that Nexus IQ offers it. There is Artifactory, which does do Docker scanning now. One thing that Nexus IQ has been able to do is to be almost proactive in its integration. You can be in your IDE, you can be in the build pipeline, you can be in the Nexus Repository, and you can get a view of the vulnerabilities. Also you can get recommendations, so you don't necessarily have to waste time in searching the web for a patching solution or an update to fix the vulnerability. It actually gives you recommendations about what you can do to mitigate the problem. That's a distinguishing feature from the other toolsets. View full review »
Find out what your peers are saying about Sonatype Nexus Lifecycle vs. WhiteSource and other solutions. Updated: October 2019.
371,917 professionals have used our research since 2012.
Charles Chani
DevSecOps at a financial services firm with 10,001+ employees
I think they looked at competitors but that wasn't my job. I'm familiar with the competitors. They are similar to Sonatype but, possibly, not as comprehensive. There are at least three or four other solutions using different but similar concepts. In my view, they're not as convenient or as good as Sonatype. View full review »
Russell Webster
VP and Sr. Manager at a financial services firm with 1,001-5,000 employees
We looked at Artifactory as well. We went with Sonatype because it is more comprehensive, it's a market leader, has a great feature set, and support is really good. It's a good team and company. They provide much more granular details, as well as assistance in the remediation and understanding of vulnerabilities, than their competition. View full review »
SrLeadSo5b76
Sr Lead Solution Services at a financial services firm with 201-500 employees
We evaluated different Black Duck and WhiteSource, but chose Nexus because we felt it was the best product offered. In early 2017, Black Duck had an approach of uploading everything all at one time, then coming back later to see the report, which Nexus IQ didn't. Also, with the price points, there were distinct differences between Black Duck and Nexus IQ. View full review »
Axel Niering
Achitekt at SV Informatik GmbH
We also evaluated Black Duck. We selected Nexus because of the data quality and the ability to integrate it into our build process. View full review »
JavaDevef0ca
Java Development Manager at a government with 10,001+ employees
We didn't look at any other options. We have been using Nexus for years. We had some initial sessions with them, we did a PoC and we liked the product. We went ahead with it. View full review »
Find out what your peers are saying about Sonatype Nexus Lifecycle vs. WhiteSource and other solutions. Updated: October 2019.
371,917 professionals have used our research since 2012.
Sign Up with Email