Sonatype Nexus Lifecycle Reviews

EdwinKwan
Real User
Security Team Lead at Tyro Payments Limited
Mar 13 2019

What is most valuable?

There are two things that allow us to do what we want to and that's why we chose Nexus Lifecycle. First, it scans and gives you a low false-positive count. When we were looking for a product to solve… more»

How has it helped my organization?

One of the ways that it has helped us is that it has given us visibility into security issues. It has made us a bit more proactive in dealing with things. Before, we depended on how much news there… more»

What needs improvement?

We created a Wiki page for each team showing an overview of their outstanding security issues because the Lifecycle reporting interface isn't as intuitive. It is good for people on my team who use it… more»

What's my experience with pricing, setup cost, and licensing?

We're pretty happy with the price, for what it is delivering for us and the value we're getting from it.

What other advice do I have?

My advice is that you should definitely use it. You need to think about the rollout and to make sure you integrate it into the software development lifecycle. That's where you get the most value… more»

Which other solutions did I evaluate?

We did a PoC with a few companies and we picked Sonatype and we've been happy with them since. We looked at Black Duck, and we also looked at the free version, the OWASP, a dependency checker. We also… more»
Charles Chani
Real User
DevSecOps at a financial services firm with 10,001+ employees
Feb 28 2019

What is most valuable?

When developers are consuming open-source libraries from the internet, it's able to automatically block the ones that are insecure. And it has the ability to make suggestions on the ones they should… more»

How has it helped my organization?

Previously, the developers would do their work and then it would be evaluated using something called penetration testing. With the results of the penetration testing they would go back and make… more»

What needs improvement?

They could do with making more plugins for the more common integration engines out there. Right now, it supports automation engine by Jenkins but it doesn't fully support something like TeamCity… more»

If you previously used a different solution, which one did you use and why did you switch?

We weren't using a previous solution, we were using a different approach which was very old and which doesn't work. It was penetration testing which is very problematic. The way it worked was that an… more»

What other advice do I have?

My advice is "do it yesterday." You save yourself a lot of money. Even during one, two, or three weeks, it's going to cost you a lot of money to fix the security vulnerabilities that you are ingesting… more»

Which other solutions did I evaluate?

I think they looked at competitors but that wasn't my job. I'm familiar with the competitors. They are similar to Sonatype but, possibly, not as comprehensive. There are at least three or four other… more»
Find out what your peers are saying about Sonatype Nexus Lifecycle vs. WhiteSource and other solutions. Updated: September 2019.
366,239 professionals have used our research since 2012.
Devin Duffy
Real User
Information Security Specialist at a financial services firm with 1,001-5,000 employees
Mar 12 2019

What is most valuable?

The most valuable feature is the aggregation of threat details. In addition, it's their customer service. They've got really great customer service. I encourage developers to challenge whenever they see a security vulnerability that may not actually be a vulnerability, or that may be a false… more»

How has it helped my organization?

We're no longer building blindly with vulnerable components. We have awareness, we're pushing that awareness to developers, and we feel we have a better idea of what the threat landscape looks like. Things that we weren't even aware of that were bugs or vulnerabilities, we are now aware of them and… more»

What needs improvement?

Application onboarding is a little bit clunky. But I use their API for that, and their API is alright. Their documentation is pretty good but there was a little bit of a learning curve with it. Onboarding an application through the GUI is intuitive but it's time-consuming. By time-consuming I mean… more»

What other advice do I have?

Have an idea of where you're going to put it in the SDLC. Have an idea of where it's going to catch builds. Know what it does and how it works, to understand how the proxy and the firewall work. Understand how to scan components. Be ready to have an "orange team" - that's a new term - to have… more»
Russell Webster
Real User
VP and Sr. Manager at a financial services firm with 1,001-5,000 employees
Jul 04 2019

What is most valuable?

Its core features are the most valuable:

* protection
* scanning
* detection
* notification of vulnerabilities.

It's important for us as an enterprise to continually and… more»

How has it helped my organization?

Without it we didn't have any way to detect vulnerabilities except through reactive measures. It's allowed us to be proactive in our approach to vulnerability detection… more»

What needs improvement?

Overall, it's pretty good. The drill-through and search capabilities are pretty good, they're not horrible. As far as the relationship of, and ease of finding the… more»

What's my experience with pricing, setup cost, and licensing?

Pricing is decent. It's not horrible. It's middle-of-the-road, as far as our ranking goes. They're a little bit more but that's also because they provide more. They put… more»

If you previously used a different solution, which one did you use and why did you switch?

We did not have a solution with this type of capabilities. We had some type of Nexus product but we layered this on top. We didn't have that capability.

What other advice do I have?

In the early stages of planning and design for rolling this out, ensure that you get all of your stakeholders involved; those who will have an input on the policy… more»

Which other solutions did I evaluate?

We looked at Artifactory as well. We went with Sonatype because it is more comprehensive, it's a market leader, has a great feature set, and support is really good. It's a… more»
Real User
Sr Lead Solution Services at a financial services firm with 201-500 employees
Aug 25 2019

What is most valuable?

The scanning is fantastic. The dashboard is usable and gives us clear visibility into what is happening. It also has a very cool feature, which allows us to see the clean version available to be downloaded. Therefore, it is very easy to go… more»

How has it helped my organization?

We have increased the digital footprint of our company over the last few, extensively. We have extensive open source development happening which depends on open source components. Using the scanning with Nexus IQ, a lower count of false… more»

What needs improvement?

We use Gradle a lot for integrating into our local builds with the IDE, which is another build system. There is not a lot of support for it nor published modules that can be readily used. So, we had to create our own. No Gradle plugins… more»

If you previously used a different solution, which one did you use and why did you switch?

Nexus was our first implementation.

Which other solutions did I evaluate?

We evaluated different Black Duck and WhiteSource, but chose Nexus because we felt it was the best product offered. In early 2017, Black Duck had an approach of uploading everything all at one time, then coming back later to see the report… more»
Axel Niering
Real User
Architect at SV Informatik GmbH
Mar 07 2019

What is most valuable?

The most valuable feature is that I get a quick overview of the libraries that are included in the application, and the issues that are connected with them. I can quickly understand which problems… more»

How has it helped my organization?

We're still using it in a PoC and it's not as integrated as it could be so it hasn't changed too much for us right now. But of course, what we want to do is to keep safe, look at the vulnerabilities… more»

What needs improvement?

If there is something which is not in Maven Central, sometimes it is difficult to get the right information because it's not found. And if you look at NPM-based applications, JavaScript, for example… more»

What's my experience with pricing, setup cost, and licensing?

Its pricing is competitive within the market. It's not very cheap, it's not very expensive.

What other advice do I have?

Look very closely at Nexus Lifecycle to check whether the system is a possibility in your environment. It has good data quality and good integration in our build environment. Everyone must check… more»

Which other solutions did I evaluate?

We also evaluated Black Duck. We selected Nexus because of the data quality and the ability to integrate it into our build process.
Real User
Java Development Manager at a government with 10,001+ employees
Jul 04 2019

What is most valuable?

The way we can define policies and apply those policies selectively across the different applications is valuable. We can define a separate policy for public-facing… more»

How has it helped my organization?

Before, we had open-source Nexus Repository, but with Lifecycle we have Nexus RM and IQ Server as well and we can scan .jars. In addition, we have the plugins for… more»

What needs improvement?

It doesn't provide real-time notifications from the scans. We have to re-scan every time, whenever a build happens. Also, since Nexus Repository just keeps on adding the… more»

What's my experience with pricing, setup cost, and licensing?

Pricing is comparable with some of the other products. We are happy with the pricing.

If you previously used a different solution, which one did you use and why did you switch?

We used the open-source version before moving to the licensed version of Sonatype.

What other advice do I have?

Their support is good. They help with understanding the environment. They helped us with the initial PoC work. Their product is configurable. We can customize the… more»

Which other solutions did I evaluate?

We didn't look at any other options. We have been using Nexus for years. We had some initial sessions with them, we did a PoC and we liked the product. We went ahead with… more»
ManojKumar9
Real User
Systems Analyst at Thrivent Financial for Lutherans
Mar 12 2019

What is most valuable?

* Easy to handle and easy to configure
* User-friendly
* Easy to map and easy to integrate
* Easy to update
* Fulfills a lot of security purposes

It has all the features we need.

How has it helped my organization?

We have reduced a lot of security access issues. For example, we can restrict user access level for the baseline of our organization's security. Right now we are using it in Jenkins, it's open-source… more»

What needs improvement?

The only thing I can say is that sometimes we face difficulties with Maven Central. We are integrating everything with that, as a repository. If Maven Central changes something in its versions... For… more»

What's my experience with pricing, setup cost, and licensing?

The licensing is okay. Compared to IBM, Sonatype is good.

If you previously used a different solution, which one did you use and why did you switch?

We are looking back almost five years. We used a lot of IBM products and we used in-house products. With them, we were able to directly copy the dependencies we had in Maven Central to our local… more»

What other advice do I have?

There are demo licenses so ask them for one to try the solution. They will get back to you for sure. I would tell others how easy and how good the product is, and how easily they can implement… more»

What is Sonatype Nexus Lifecycle?

Nexus Lifecycle gives you full control over your software supply chain and allows you to define rules, actions, and policies that work best for your organization and teams.

Also known as
Nexus Lifecycle
Sonatype Nexus Lifecycle customers

Genome.One, Blackboard, Crediterform, Crosskey, Intuit, Progress Software, Qualys, Liberty Mutual Insurance