$("#pro-aspect-container .snippet-list").append('
CC<\/span><\/div><\/div>
Charles Chani<\/span><\/a><\/div>
DevSecOps at a financial services firm with 10,001+ employees<\/div><\/div><\/div><\/div>
<\/i><\/i><\/i><\/i><\/i> <\/span>
Feb 19, 2019<\/div><\/div>
When developers are consuming open-source libraries from the internet, it's able to automatically block the ones that are insecure. And it has the ability to make suggestions on the ones they should be using instead.<\/span><\/div><\/div><\/div>
Read full review<\/a> <\/i><\/div><\/div><\/div><\/div><\/div>
JC<\/span><\/div><\/div>
Julien Carsique<\/span><\/a><\/div>
DevOps Engineer at a Tech Vendor<\/div><\/div><\/div><\/div>
<\/i><\/i><\/i><\/i><\/i> <\/span>
Mar 1, 2020<\/div><\/div>
The REST API is the most useful for us because it allows us to drive it remotely and, ideally, to automate it.<\/span><\/div><\/div><\/div>
Read full review<\/a> <\/i><\/div><\/div><\/div><\/div><\/div>
BS<\/span><\/div><\/div>
reviewer1381962<\/span><\/a><\/div>
Enterprise Application Security Analyst at a comms service provider with 5,001-10,000 employees<\/div><\/div><\/div><\/div>
<\/i><\/i><\/i><\/i><\/i> <\/span>
Jul 5, 2020<\/div><\/div>
The component piece, where you can analyze the component, is the most valuable. You can pull the component up and you can look at what versions are bad, what versions are clean, and what versions haven't been reported on yet. You can make decisions based off of that, in terms of where you want to go. I like that it puts all that information right there in a window for you.<\/span><\/div><\/div><\/div>
Read full review<\/a> <\/i><\/div><\/div><\/div><\/div><\/div>
RC<\/span><\/div><\/div>
Ryan Carrie<\/span><\/a><\/div>
Security Analyst at Yellowfin<\/div><\/div><\/div><\/div>
<\/i><\/i><\/i><\/i><\/i> <\/span>
Apr 28, 2020<\/div><\/div>
The policy engine is really cool. It allows you to set different types of policy violations, things such as the age of the component and the quality: Is it something that's being maintained? Those are all really great in helping get ahead of problems before they arise. You might otherwise end up with a library that's end-of-life and is not going to get any more fixes.<\/span><\/div><\/div><\/div>
Read full review<\/a> <\/i><\/div><\/div><\/div><\/div><\/div>
\"Finto<\/div>
Finto Thomas<\/span><\/a><\/div>
Information Security Program Preparer / Architect at Alef Education<\/div><\/div><\/div><\/div>
<\/i><\/i><\/i><\/i><\/i> <\/span>
Mar 17, 2021<\/div><\/div>
The value I get from IQ Server is that I get information on real business risks. Is something compliant, are we using the proper license?<\/span><\/div><\/div><\/div>
Read full review<\/a> <\/i><\/div><\/div><\/div><\/div><\/div>
RW<\/span><\/div><\/div>
Russell Webster<\/span><\/a><\/div>
VP and Sr. Manager at a financial services firm with 1,001-5,000 employees<\/div><\/div><\/div><\/div>
<\/i><\/i><\/i><\/i><\/i> <\/span>
Apr 27, 2020<\/div><\/div>
The data quality is really good. They've got some of the best in the industry as far as that is concerned. As a result, it helps us to resolve problems faster. The visibility of the data, as well as their features that allow us to query and search - and even use it in the development IDE - allow us to remediate and find things faster.<\/span><\/div><\/div><\/div>
Read full review<\/a> <\/i><\/div><\/div><\/div><\/div><\/div>
SL<\/span><\/div><\/div>
Sebastian Lawrence<\/span><\/a><\/div>
Solutions Delivery Lead at a financial services firm with 201-500 employees<\/div><\/div><\/div><\/div>
<\/i><\/i><\/i><\/i><\/i> <\/span>
Aug 21, 2019<\/div><\/div>
The dashboard is usable and gives us clear visibility into what is happening. It also has a very cool feature, which allows us to see the clean version available to be downloaded. Therefore, it is very easy to go and trace which version of the component does not have any issues. The dashboard can be practical, as well. It can wave a particular version of a Java file or component. It can even grandfather certain components, because in a real world scenarios we cannot always take the time to go and update something because it's not backward compatible. Having these features make it a lot easier to use and more practical. It allows us to apply the security, without having an all or nothing approach.<\/span><\/div><\/div><\/div>
Read full review<\/a> <\/i><\/div><\/div><\/div><\/div><\/div>
FT<\/span><\/div><\/div>
reviewer1268016<\/span><\/a><\/div>
IT Security Manager at a insurance company with 5,001-10,000 employees<\/div><\/div><\/div><\/div>
<\/i><\/i><\/i><\/i><\/i> <\/span>
Jan 19, 2020<\/div><\/div>
The key feature for Nexus Lifecycle is the proprietary data they have on vulnerabilities. The way that they combine all the different sources and also their own research into one concise article that clearly explains what the problem is. Most of the time, and even if you do notice that you have a problem, the public information available is pretty weak. So, if we want to assess if a problem applies to our product, it's really hard. We need to invest a lot of time digging into the problem. This work is basically done by Sonatype for us. The data that it delivers helps us with fixing or understanding the issue a lot quicker than without it.<\/span><\/div><\/div><\/div>