Sonatype Nexus Lifecycle Reviews

EdwinKwan
Real User
Security Team Lead at Tyro Payments Limited
Mar 13 2019

What is most valuable?

There are two things that allow us to do what we want to and that's why we chose Nexus Lifecycle. First, it scans and gives you a low false-positive count. When we were looking for a product to solve… more»

How has it helped my organization?

One of the ways that it has helped us is that it has given us visibility into security issues. It has made us a bit more proactive in dealing with things. Before, we depended on how much news there… more»

What needs improvement?

We created a Wiki page for each team showing an overview of their outstanding security issues because the Lifecycle reporting interface isn't as intuitive. It is good for people on my team who use it… more»

What's my experience with pricing, setup cost, and licensing?

We're pretty happy with the price, for what it is delivering for us and the value we're getting from it.

What other advice do I have?

My advice is that you should definitely use it. You need to think about the rollout and to make sure you integrate it into the software development lifecycle. That's where you get the most value… more»

Which other solutions did I evaluate?

We did a PoC with a few companies and we picked Sonatype and we've been happy with them since. We looked at Black Duck, and we also looked at the free version, the OWASP, a dependency checker. We also… more»
ColinStandish
Real User
Project Manager at a hospitality company with 10,001+ employees
Oct 16 2019

How has it helped my organization?

The key benefit we get from it is speed to delivery. It has improved our overall time to get new applications out with new code. That's true whether from a platform perspective, where we are quickly… more»

What needs improvement?

We've had some challenges around the database they use. We've had some big outages and it's due to the fact that we haven't found the database they use is all that stable. I think they've realized… more»

What's my experience with pricing, setup cost, and licensing?

One of the challenges we had around licensing was how to deal with anonymous requests. According to the letter of the contract, an anonymous request consumes a license. We had to do some work to get… more»

If you previously used a different solution, which one did you use and why did you switch?

We were using the open-source and free version of Nexus. Prior to that we weren't using a competing solution. We liked most of the things that we got with the free version. The extra capabilities we… more»

What other advice do I have?

Talk to Sonatype about how flexible they can be around their licensing. We did purchase 500 licenses, but initially we were around 20. Rather than paying for the whole thing, I would say, "If we… more»

Which other solutions did I evaluate?

We didn't look at any of the competing products at the time because we were happy with what we're getting from the open-source product. And we were happy with the conversation that we had with… more»
Find out what your peers are saying about Sonatype Nexus Lifecycle vs. WhiteSource and other solutions. Updated: October 2019.
372,124 professionals have used our research since 2012.
ConfigManag73548
Real User
Configuration Manager at a health, wellness and fitness company with 5,001-10,000 employees
Oct 03 2019

What is most valuable?

There are a number of features that we find valuable. The basic functionality of Sonatype is its scanning feature. Out of that, you get the reporting capability as part of… more»

How has it helped my organization?

One of the ways it has improved the way our organization functions is that it has created awareness of unlicensed, third-party dependencies and insecure vulnerabilities… more»

What needs improvement?

They have recently released some online training documentation, because we had to do a lot of our own learning. If they had a more comprehensive online tutorial base, both… more»

What's my experience with pricing, setup cost, and licensing?

Our licensing is bundled. We pay a single licensing cost for both Nexus OSS and Nexus Lifecycle together. So I'm not sure what the individual costs would be. We bought… more»

If you previously used a different solution, which one did you use and why did you switch?

We did not have a previous solution. We brought on Nexus Lifecycle because there has been a heightened, more aggressive stance on security.

What other advice do I have?

Have a key, a defined goal because, as much as the tool is there, it isn't able to create a goal. The goal is, "We would like to improve the security of our codebase by at… more»

Which other solutions did I evaluate?

There's SonarQube which does static code analysis, but not at the level that Nexus IQ offers it. There is Artifactory, which does do Docker scanning now. One thing that… more»
Charles Chani
Real User
DevSecOps at a financial services firm with 10,001+ employees
Feb 28 2019

What is most valuable?

When developers are consuming open-source libraries from the internet, it's able to automatically block the ones that are insecure. And it has the ability to make suggestions on the ones they should… more»

How has it helped my organization?

Previously, the developers would do their work and then it would be evaluated using something called penetration testing. With the results of the penetration testing they would go back and make… more»

What needs improvement?

They could do with making more plugins for the more common integration engines out there. Right now, it supports automation engine by Jenkins but it doesn't fully support something like TeamCity… more»

If you previously used a different solution, which one did you use and why did you switch?

We weren't using a previous solution, we were using a different approach which was very old and which doesn't work. It was penetration testing which is very problematic. The way it worked was that an… more»

What other advice do I have?

My advice is "do it yesterday." You save yourself a lot of money. Even during one, two, or three weeks, it's going to cost you a lot of money to fix the security vulnerabilities that you are ingesting… more»

Which other solutions did I evaluate?

I think they looked at competitors but that wasn't my job. I'm familiar with the competitors. They are similar to Sonatype but, possibly, not as comprehensive. There are at least three or four other… more»
Devin Duffy
Real User
Information Security Specialist at a financial services firm with 1,001-5,000 employees
Mar 12 2019

What is most valuable?

The most valuable feature is the aggregation of threat details. In addition, it's their customer service. They've got really great customer service. I encourage developers to challenge whenever they see a security vulnerability that may not actually be a vulnerability, or that may be a false… more»

How has it helped my organization?

We're no longer building blindly with vulnerable components. We have awareness, we're pushing that awareness to developers, and we feel we have a better idea of what the threat landscape looks like. Things that we weren't even aware of that were bugs or vulnerabilities, we are now aware of them and… more»

What needs improvement?

Application onboarding is a little bit clunky. But I use their API for that, and their API is alright. Their documentation is pretty good but there was a little bit of a learning curve with it. Onboarding an application through the GUI is intuitive but it's time-consuming. By time-consuming I mean… more»

What other advice do I have?

Have an idea of where you're going to put it in the SDLC. Have an idea of where it's going to catch builds. Know what it does and how it works, to understand how the proxy and the firewall work. Understand how to scan components. Be ready to have an "orange team" - that's a new term - to have… more»
Russell Webster
Real User
VP and Sr. Manager at a financial services firm with 1,001-5,000 employees
Jul 04 2019

What is most valuable?

Its core features are the most valuable:
* protection
* scanning
* detection
* notification of vulnerabilities.

It's important for us as an enterprise to continually and… more»

How has it helped my organization?

Without it we didn't have any way to detect vulnerabilities except through reactive measures. It's allowed us to be proactive in our approach to vulnerability detection… more»

What needs improvement?

Overall, it's pretty good. The drill-through and search capabilities are pretty good, they're not horrible. As far as the relationship of, and ease of finding the… more»

What's my experience with pricing, setup cost, and licensing?

Pricing is decent. It's not horrible. It's middle-of-the-road, as far as our ranking goes. They're a little bit more but that's also because they provide more. They put… more»

If you previously used a different solution, which one did you use and why did you switch?

We did not have a solution with this type of capabilities. We had some type of Nexus product but we layered this on top. We didn't have that capability.

What other advice do I have?

In the early stages of planning and design for rolling this out, ensure that you get all of your stakeholders involved; those who will have an input on the policy… more»

Which other solutions did I evaluate?

We looked at Artifactory as well. We went with Sonatype because it is more comprehensive, it's a market leader, has a great feature set, and support is really good. It's a… more»
Real User
Sr Lead Solution Services at a financial services firm with 201-500 employees
Aug 25 2019

What is most valuable?

The scanning is fantastic. The dashboard is usable and gives us clear visibility into what is happening. It also has a very cool feature, which allows us to see the clean version available to be downloaded. Therefore, it is very easy to go… more»

How has it helped my organization?

We have increased the digital footprint of our company over the last few, extensively. We have extensive open source development happening which depends on open source components. Using the scanning with Nexus IQ, a lower count of false… more»

What needs improvement?

We use Gradle a lot for integrating into our local builds with the IDE, which is another build system. There is not a lot of support for it nor published modules that can be readily used. So, we had to create our own. No Gradle plugins… more»

If you previously used a different solution, which one did you use and why did you switch?

Nexus was our first implementation.

Which other solutions did I evaluate?

We evaluated different Black Duck and WhiteSource, but chose Nexus because we felt it was the best product offered. In early 2017, Black Duck had an approach of uploading everything all at one time, then coming back later to see the report… more»
Axel Niering
Real User
Architect at SV Informatik GmbH
Mar 07 2019

What is most valuable?

The most valuable feature is that I get a quick overview of the libraries that are included in the application, and the issues that are connected with them. I can quickly understand which problems… more»

How has it helped my organization?

We're still using it in a PoC and it's not as integrated as it could be so it hasn't changed too much for us right now. But of course, what we want to do is to keep safe, look at the vulnerabilities… more»

What needs improvement?

If there is something which is not in Maven Central, sometimes it is difficult to get the right information because it's not found. And if you look at NPM-based applications, JavaScript, for example… more»

What's my experience with pricing, setup cost, and licensing?

Its pricing is competitive within the market. It's not very cheap, it's not very expensive.

What other advice do I have?

Look very closely at Nexus Lifecycle to check whether the system is a possibility in your environment. It has good data quality and good integration in our build environment. Everyone must check… more»

Which other solutions did I evaluate?

We also evaluated Black Duck. We selected Nexus because of the data quality and the ability to integrate it into our build process.

What is Sonatype Nexus Lifecycle?

Nexus Lifecycle gives you full control over your software supply chain and allows you to define rules, actions, and policies that work best for your organization and teams.

Also known as
Nexus Lifecycle

Sonatype Nexus Lifecycle customers

Genome.One, Blackboard, Crediterform, Crosskey, Intuit, Progress Software, Qualys, Liberty Mutual Insurance
