Sonatype Nexus Lifecycle ROI

EdwinKwan
Security Team Lead at Tyro Payments Limited
The area where we've seen ROI is security hygiene. We're using a lot fewer vulnerable libraries. What we have seen is that when there is news about something that is vulnerable, and that there is a tool that someone has created that allows you to exploit it, we normally already know about it and we've addressed it. There's peace of mind knowing that we're on top of it.
ConfigManag73548
Configuration Manager at a health, wellness and fitness company with 5,001-10,000 employees
We haven't seen ROI as yet, simply because we haven't been harnessing the full potential of the tool. The way I think we will potentially see a return on investment is if we are using any licenses that could be costing us indirectly. We could be looking at certain technical debt which we could be dropping. Those are the aspects we could look at, but we haven't yet maximized the true, full capability.
Charles Chani
DevSecOps at a financial services firm with 10,001+ employees
We see ROI in terms of better visibility into what we have in our developed software.
Find out what your peers are saying about Sonatype Nexus Lifecycle vs. WhiteSource and other solutions. Updated: October 2019.
382,399 professionals have used our research since 2012.
Devin Duffy
Information Security Specialist at a financial services firm with 1,001-5,000 employees
Security tools are difficult to pin down in terms of ROI. I can't honestly say that I have seen an ROI but, at the same time, it's an invisible cost. You don't know what it could cost you. You don't know what an attacker could find and exploit on your system. So all security products have a negative ROI, unless you can show attacks that have failed. If the attacks don't exist in your package because you removed the vulnerable component, you won't know. It's like a vaccine. It's valuable, but I don't think we can quantify the savings, just because of the way security works. We had a version of Apache Solr in a production application that we found vulnerabilities in and it hadn't gone through a Nexus scan. If it had gone through a Nexus scan they would have known that if they just bumped the version they wouldn't have had SQL injection in production.
Russell Webster
VP and Sr. Manager at a financial services firm with 1,001-5,000 employees
The solution has improved the time it takes us to release secure apps to market. I can't approximate how much, there are too many factors there to consider. If you find a problem reactively without the tool, there's the remediation cost, versus the savings of finding it in the first place. It would be really hard for me to go back right now and say how many things we found and how often because it's happening very dynamically. Those findings are not anything I can measure right now. Then there are the things that we found that we might not have remediated. Maybe they were just okay, they weren't high-ranking and they weren't low-ranking errors. Now, we can decide that because we found them really early that we're not going to take that risk. Whereas before, we might've taken the risk - or not even have seen the risk. So it's hard to measure that. It's not literally speeding up our release to market. It's helping us avoid reactive costs and maintenance to the cycles after the fact. If an industry vulnerability is found, we get that notification really early. We have seen a return on our investment. In some cases, where we've needed to find out the footprint of a certain library across our enterprise, we've been able to do that research in seconds or minutes, rather than long, drawn-out processes with people and teams involved to hunt it down through source code and the like. As far as spinning up councils and people saying, "What's our vulnerability footprint look like?" we've been able to answer those questions much quicker and remediate quicker with other tools. Those things alone will probably pay for it. The safety stuff pays for it on its own too.
SrLeadSo5b76
Sr Lead Solution Services at a financial services firm with 201-500 employees
We have seen ROI. Nexus has improved the time it takes us to release secure apps to market by saving us weeks of rework.
Axel Niering
Architect at SV Informatik GmbH
We are still on our PoC, so there has been no investment up until now. We have just decided to invest in Nexus Lifecycle. I am sure that there will be a return on investment very soon.
JavaDevef0ca
Java Development Manager at a government with 10,001+ employees
We have only been using the licensed version for six months. But long-term, we definitely see it saving time and that will be our long-term return on investment.