Sonatype Nexus Lifecycle Reviews

Filter by:Reset all filters
industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
rating
Loading...
Filter Unavailable
EdwinKwan
Real User
Security Team Lead at Tyro Payments Limited
Mar 13 2019

What is most valuable?

The are two things that allow us to do what we want to and that's why we chose Nexus Lifecycle. First, it scans and gives you a low false-positive… more»

How has it helped my organization?

One of the ways that it has helped us is that it has given us visibility into security issues. It has made us a bit more proactive in dealing with… more»

What needs improvement?

We created a Wiki page for each team showing an overview of their outstanding security issues because the Lifecycle reporting interface isn't as… more»

What's my experience with pricing, setup cost, and licensing?

We're pretty happy with the price, for what it is delivering for us and the value we're getting from it.

What other advice do I have?

My advice is that you should definitely use it. You need to think about the rollout and to make sure you integrate it into the software development… more»
Charles Chani
Real User
DevSecOps at a financial services firm with 10,001+ employees
Feb 28 2019

What is most valuable?

When developers are consuming open-source libraries from the internet, it's able to automatically block the ones that are insecure. And it has the… more»

How has it helped my organization?

Previously, the developers would do their work and then it would be evaluated using something called penetration testing. With the results of the… more»

What needs improvement?

They could do with making more plugins for the more common integration engines out there. Right now, it supports automation engine by Jenkins but… more»

If you previously used a different solution, which one did you use and why did you switch?

We weren't using a previous solution, we were using a different approach which was very old and which doesn't work. It was penetration testing… more»

What other advice do I have?

My advice is "do it yesterday." You save yourself a lot of money. Even during one, two, or three weeks, it's going to cost you a lot of money to… more»
Find out what your peers are saying about Sonatype Nexus Lifecycle vs. WhiteSource and other solutions. Updated: July 2019.
352,552 professionals have used our research since 2012.
Devin Duffy
Real User
Information Security Specialist at a financial services firm with 1,001-5,000 employees
Mar 12 2019

What is most valuable?

The most valuable feature is the aggregation of threat details. In addition, it's their customer service. They've got really great customer service. I encourage developers to… more»

How has it helped my organization?

We're no longer building blindly with vulnerable components. We have awareness, we're pushing that awareness to developers, and we feel we have a better idea of what the threat… more»

What needs improvement?

Application onboarding is a little bit clunky. But I use their API for that, and their API is alright. Their documentation is pretty good but there was a little bit of a learning… more»

What other advice do I have?

Have an idea of where you're going to put it in the SDLC. Have an idea of where it's going to catch builds. Know what it does and how it works, to understand how the proxy and the… more»
Russell Webster
Real User
VP and Sr. Manager at a financial services firm with 1,001-5,000 employees
Jul 04 2019

What is most valuable?

Its core features are the most valuable: * protection * scanning * detection * notification of vulnerabilities. It's… more»

How has it helped my organization?

Without it we didn't have any way to detect vulnerabilities except through reactive measures. It's allowed us to be… more»

What needs improvement?

Overall, it's pretty good. The drill-through and search capabilities are pretty good, they're not horrible. As far as the… more»

What's my experience with pricing, setup cost, and licensing?

Pricing is decent. It's not horrible. It's middle-of-the-road, as far as our ranking goes. They're a little bit more but… more»

If you previously used a different solution, which one did you use and why did you switch?

We did not have a solution with this type of capabilities. We had some type of Nexus product but we layered this on top… more»

What other advice do I have?

In the early stages of planning and design for rolling this out, ensure that you get all of your stakeholders involved… more»
Axel Niering
Real User
Achitekt at SV Informatik GmbH
Mar 07 2019

What is most valuable?

The most valuable feature is that I get a quick overview of the libraries that are included in the application, and the issues that are connected… more»

How has it helped my organization?

We're still using it in a PoC and it's not as integrated as it could be so it hasn't changed too much for us right now. But of course, what we want… more»

What needs improvement?

If there is something which is not in Maven Central, sometimes it is difficult to get the right information because it's not found. And if you look… more»

What's my experience with pricing, setup cost, and licensing?

Its pricing is competitive within the market. It's not very cheap, it's not very expensive.

What other advice do I have?

Look very closely look at Nexus Lifecycle to check whether the system is a possibility in your environment. It has good data quality and good… more»
Real User
Java Development Manager at a government with 10,001+ employees
Jul 04 2019

What is most valuable?

The way we can define policies and apply those policies selectively across the different applications is valuable. We can… more»

How has it helped my organization?

Before, we had open-source Nexus Repository, but with Lifecycle we have Nexus RM and IQ Server as well and we can scan… more»

What needs improvement?

It doesn't provide real-time notifications from the scans. We have to re-scan every time, whenever a build happens. Also… more»

What's my experience with pricing, setup cost, and licensing?

Pricing is comparable with some of the other products. We are happy with the pricing.

If you previously used a different solution, which one did you use and why did you switch?

We used the open-source version before moving to the licensed version of Sonatype.

What other advice do I have?

Their support is good. They help with understanding the environment. They helped us with the initial PoC work. Their… more»
ManojKumar9
Real User
Systems Analyst at Thrivent Financial for Lutherans
Mar 12 2019

What is most valuable?

* Easy to handle and easy to configure * User-friendly * Easy to map and easy to integrate * Easy to update * Fulfills a… more»

How has it helped my organization?

We have reduced a lot of security access issues. For example, we can restrict user access level for the baseline of our… more»

What needs improvement?

The only thing I can say is that sometimes we face difficulties with Maven Central. We are integrating everything with… more»

What's my experience with pricing, setup cost, and licensing?

The licensing is okay. Compared to IBM, Sonatype is good.

If you previously used a different solution, which one did you use and why did you switch?

We are looking back almost five years. We used a lot of IBM products and we used in-house products. With them, we were… more»

What other advice do I have?

There are demo licenses so ask them for one to try the solution. They will get back to you for sure. I would tell others… more»
Gus Orologas
Real User
Lead IT Security Architect at a transportation company with 10,001+ employees
Mar 27 2019

What is most valuable?

* The application onboarding and policy grandfathering features are good. * The solution integrates well with our existing DevOps tools. * It also blocks undesirable open-source… more»

What needs improvement?

Getting it integrated depends on your structure and how your DevOps teams are structured. The biggest thing is getting it used uniformly across all the different teams. It's more of a… more»

If you previously used a different solution, which one did you use and why did you switch?

We did not have a previous solution. We had nothing.

What other advice do I have?

We have one person assigned to this solution for maintenance. It's not being used extensively, and there's no plan to increase it, even though there's a desire to increase use of it… more»

Articles

User Assessments By Topic About Sonatype Nexus Lifecycle

Find out what your peers are saying about Sonatype Nexus Lifecycle vs. WhiteSource and other solutions. Updated: July 2019.
352,552 professionals have used our research since 2012.

Sonatype Nexus Lifecycle Questions

Sonatype Nexus Lifecycle Projects By Members

What is Sonatype Nexus Lifecycle?

Nexus Lifecycle gives you full control over your software supply chain and allows you to define rules, actions, and policies that work best for your organization and teams.

Also known as
Nexus Lifecycle
Sonatype Nexus Lifecycle customers

Genome.One, Blackboard, Crediterform, Crosskey, Intuit, Progress Software, Qualys, Liberty Mutual Insurance

Sign Up with Email