2019-02-19T08:38:00Z

What do you like most about Sonatype Nexus Lifecycle?

Julia Miller - PeerSpot reviewer

34 Answers

Vishal Dhamke - PeerSpot reviewer
Real User
Top 5
2023-12-29T09:06:00Z
Dec 29, 2023

Fortify integrates with various development environments and tools, such as IDEs (Integrated Development Environments) and CI/CD pipelines.

AA
Real User
Top 5 Leaderboard
2023-10-26T09:59:00Z
Oct 26, 2023

Automating the Jenkins plugins and the build title is a big plus.

Finto Thomas - PeerSpot reviewer
Real User
Top 10
2023-01-20T15:22:38Z
Jan 20, 2023

The IQ server and repo are the most valuable.

LR
Real User
Top 20
2022-10-28T13:36:41Z
Oct 28, 2022

Due to the sheer amount of vulnerabilities and the fact that my company is still working on eliminating all vulnerabilities, it's still too early for me to say what I like most about Sonatype Nexus Lifecycle. Still, one of the best functions of the product is the guidance it gives in finding which components or applications have vulnerabilities.

For example, my team had a vulnerability or a CVE connected to Apache last week. My team couldn't find which applications had the vulnerability initially, but using Sonatype Nexus Lifecycle helped. My team deployed new versions on that same day and successfully eliminated the vulnerabilities, so right now, the best feature of Sonatype Nexus Lifecycle is finding which applications have vulnerabilities.

Hisham Shoukathali - PeerSpot reviewer
Real User
Top 5
2022-08-25T15:50:24Z
Aug 25, 2022

The most valuable features of the Sonatype Nexus Lifecycle are the evaluation of the unit test coverage, vulnerability scanning, duplicate code lines, code smells, and unnecessary loops.

HB
Real User
Top 5
2022-07-06T06:31:51Z
Jul 6, 2022

Vulnerability detection accuracy is good.

Chris Coetzee - PeerSpot reviewer
Real User
Top 10
2022-05-05T15:16:19Z
May 5, 2022

Lifecycle lets developers see any vulnerabilities or AGPL license issues associated with code in the early stages of development. The nice thing is that it's built into the IDE so that they can see all versions of a specific code.

MI
Real User
Top 20
2022-03-20T07:50:20Z
Mar 20, 2022

The most important features of the Sonatype Nexus Lifecycle are the vulnerability reports.

KS
Real User
2022-01-10T10:18:00Z
Jan 10, 2022

The integrations into developer tooling are quite nice. I have the integration for Eclipse and for Visual Studio. Colleagues are using the JavaScript IDE from JetBrains called WebStorm, and there is an integration for that from Nexus Lifecycle. I have not heard about anything that is not working. It's also quite easy to integrate it. You just need to set up a project or an app and then you just make the connection in all the tools you're using.

IV
Real User
2021-09-02T18:22:00Z
Sep 2, 2021

The quality or the profiles that you can set are most valuable. The remediation of issues that you can do and how the information is offered is also valuable.

SS
Real User
2021-09-02T14:10:00Z
Sep 2, 2021

Its engine itself is most valuable in terms of the way it calculates and decides whether a security vulnerability exists or not. That's the most important thing. Its security is also pretty good, and its listing about the severities is also good.

RS
Real User
2021-03-19T17:22:00Z
Mar 19, 2021

We really like the Nexus Firewall. There are increasing threats from npm, rogue components, and we've been able to leverage protection there. We also really like being able to know which of our apps has known vulnerabilities.

Finto Thomas - PeerSpot reviewer
Real User
Top 10
2021-03-17T03:28:00Z
Mar 17, 2021

The value I get from IQ Server is that I get information on real business risks. Is something compliant, are we using the proper license?

BS
Real User
2020-07-05T09:38:00Z
Jul 5, 2020

The component piece, where you can analyze the component, is the most valuable. You can pull the component up and you can look at what versions are bad, what versions are clean, and what versions haven't been reported on yet. You can make decisions based off of that, in terms of where you want to go. I like that it puts all that information right there in a window for you.

AB
Real User
2020-07-05T09:38:00Z
Jul 5, 2020

When I started to install the Nexus products and started to integrate them into our development cycle, it helped us construct or fill out our development process in general. The build stage is a really good template for us and it helped establish a structure that we could build our whole continuous integration and development process around. Now our git repos are tagged for different build stages data, staging, and for release. That aligns with the Nexus Lifecycle build stages.

MA
Real User
2020-07-02T10:06:00Z
Jul 2, 2020

The scanning capability is its most valuable feature, discovering vulnerable open source libraries.

RH
Real User
2020-05-03T06:36:00Z
May 3, 2020

The report part is quite easy to read. The report part is very important to us because that is how we communicate to our security officer and the security committee. Therefore, we need to have a complete report that we can generate and pass onto them for review.

RC
Real User
2020-04-26T06:32:00Z
Apr 26, 2020

The policy engine is really cool. It allows you to set different types of policy violations, things such as the age of the component and the quality: Is it something that's being maintained? Those are all really great in helping get ahead of problems before they arise. You might otherwise end up with a library that's end-of-life and is not going to get any more fixes.

ME
Real User
2020-03-03T08:47:00Z
Mar 3, 2020

Some of the more profound features include the REST APIs. We tend to make use of those a lot. They also have a plugin for our CI/CD; we use Jenkins to do continuous integration, and it makes our pipeline build a lot more streamlined. It integrates with Jenkins very well.

RV
Real User
2020-03-01T06:37:00Z
Mar 1, 2020

With the plugin for our IDE that Sonatype provides, we can check whether a library has security, quality, or licensing issues very easily, which is nice because Googling for this stuff can be a bit cumbersome. By checking it before code is even committed, we save ourselves from getting notifications.

JC
Real User
2020-03-01T06:37:00Z
Mar 1, 2020

The REST API is the most useful for us because it allows us to drive it remotely and, ideally, to automate it.

WK
Real User
2020-02-27T06:23:00Z
Feb 27, 2020

The proxy repository is probably the most valuable feature to us because it allows us to be more proactive in our builds. We're no longer tied to saving components to our repository.

SH
Real User
2020-02-26T05:55:00Z
Feb 26, 2020

The integration of Lifecycle is really good with Jenkins and GitHub; those work very well. We've been able to get it to work seamlessly with them so that it runs on every build that we have.

AC
Consultant
2020-02-19T08:48:00Z
Feb 19, 2020

For us, it's seeing not only the licensing and security vulnerabilities but also seeing the age of the open-sources included within our software. That allows us to take proactive steps to make sure we're updating the software to versions that are regularly maintained and that don't have any vulnerabilities.

FT
Real User
2020-01-19T06:38:00Z
Jan 19, 2020

The key feature for Nexus Lifecycle is the proprietary data they have on vulnerabilities. The way that they combine all the different sources and also their own research into one concise article that clearly explains what the problem is. Most of the time, and even if you do notice that you have a problem, the public information available is pretty weak. So, if we want to assess if a problem applies to our product, it's really hard. We need to invest a lot of time digging into the problem. This work is basically done by Sonatype for us. The data that it delivers helps us with fixing or understanding the issue a lot quicker than without it.

SL
Real User
2019-08-21T06:36:00Z
Aug 21, 2019

The dashboard is usable and gives us clear visibility into what is happening. It also has a very cool feature, which allows us to see the clean version available to be downloaded. Therefore, it is very easy to go and trace which version of the component does not have any issues. The dashboard can be practical, as well. It can waive a particular version of a Java file or component. It can even grandfather certain components, because in real-world scenarios we cannot always take the time to go and update something because it's not backward compatible. Having these features makes it a lot easier to use and more practical. It allows us to apply the security without having an all-or-nothing approach.

LH
Real User
2019-07-08T07:42:00Z
Jul 8, 2019

The grandfathering mode allows us to add legacy applications which we know we're not going to change or refactor for some time. New developments can be scanned separately and we can obviously resolve those vulnerabilities where there are new applications developed. The grandfathering is a good way to separate what can be factored now, versus long-term technical debt.

RW
Real User
2019-06-27T08:13:00Z
Jun 27, 2019

The data quality is really good. They've got some of the best in the industry as far as that is concerned. As a result, it helps us to resolve problems faster. The visibility of the data, as well as their features that allow us to query and search - and even use it in the development IDE - allow us to remediate and find things faster.

AM
Real User
2019-06-27T06:06:00Z
Jun 27, 2019

The way we can define policies and apply those policies selectively across the different applications is valuable. We can define a separate policy for public-facing applications and a separate policy for the internal applications. That is cool.
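The policy engine, per-version waivers, grandfathering of legacy applications, and separate policies for public-facing versus internal applications described in the answers above can be illustrated with a small evaluator. The following is an added example written for this page; it is not Sonatype's code and does not use the IQ Server API. The policy thresholds, rule names, component metadata and dates are all constructed for the illustration.

```python
"""Toy supply-chain policy evaluator (added example, not Sonatype's code).

Evaluates a list of components against a policy, honours per-version waivers,
and treats grandfathered (legacy) applications as report-only.
"""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Component:
    name: str
    version: str
    license: str
    released: date       # release date of this version
    last_commit: date    # most recent upstream activity
    max_cvss: float      # highest CVSS score among known vulns in this version


@dataclass(frozen=True)
class Policy:
    name: str
    fail_cvss: float             # vulns at or above this score are violations
    banned_licenses: frozenset   # licenses that are not acceptable
    max_age_days: int            # flag versions older than this
    max_idle_days: int           # flag projects with no upstream activity this long


@dataclass(frozen=True)
class Waiver:
    component: str
    version: str
    rule: str
    reason: str


# Two constructed policies: stricter for internet-facing apps, looser internally.
PUBLIC_FACING = Policy("public-facing", 7.0, frozenset({"AGPL-3.0"}), 365, 730)
INTERNAL = Policy("internal", 9.0, frozenset(), 730, 1095)

# Constructed sample inventory and evaluation date.
TODAY = date(2020, 1, 1)
SAMPLE_COMPONENTS = [
    Component("log-lib", "1.2.0", "Apache-2.0", date(2018, 6, 1), date(2019, 11, 1), 9.8),
    Component("gpl-tool", "3.0.1", "AGPL-3.0", date(2019, 9, 1), date(2019, 12, 1), 0.0),
    Component("old-util", "0.9", "MIT", date(2015, 1, 1), date(2015, 3, 1), 5.0),
]
# Constructed waiver: suppress one rule for one exact version, with a reason on record.
WAIVER_LOG_LIB = Waiver("log-lib", "1.2.0", "vulnerability", "constructed: fix ships next sprint")


def check_component(c: Component, policy: Policy, today: date):
    """Return (rule, detail) pairs for every policy rule the component breaks."""
    found = []
    if c.max_cvss >= policy.fail_cvss:
        found.append(("vulnerability", f"CVSS {c.max_cvss} >= {policy.fail_cvss}"))
    if c.license in policy.banned_licenses:
        found.append(("license", f"{c.license} is banned by policy"))
    age = (today - c.released).days
    if age > policy.max_age_days:
        found.append(("age", f"version is {age} days old (limit {policy.max_age_days})"))
    idle = (today - c.last_commit).days
    if idle > policy.max_idle_days:
        found.append(("unmaintained", f"no upstream activity for {idle} days"))
    return found


def evaluate_application(app, components, policy, waivers=(), grandfathered=False, today=TODAY):
    """Produce a report for one application; 'failed' is True only for open violations.

    Waived violations are kept in the report (auditability) but do not fail the build.
    A grandfathered application reports everything as 'legacy' and never fails, so
    existing debt is visible without blocking the pipeline.
    """
    waived = {(w.component, w.version, w.rule): w.reason for w in waivers}
    violations = []
    for c in components:
        for rule, detail in check_component(c, policy, today):
            key = (c.name, c.version, rule)
            if key in waived:
                status = "waived"
            elif grandfathered:
                status = "legacy"
            else:
                status = "open"
            violations.append({"component": c.name, "version": c.version, "rule": rule,
                               "detail": detail, "status": status,
                               "reason": waived.get(key)})
    failed = any(v["status"] == "open" for v in violations)
    return {"application": app, "policy": policy.name, "violations": violations, "failed": failed}


if __name__ == "__main__":
    for app, pol, gf, wv in [("web-portal", PUBLIC_FACING, False, [WAIVER_LOG_LIB]),
                             ("batch-jobs", INTERNAL, True, [])]:
        report = evaluate_application(app, SAMPLE_COMPONENTS, pol, wv, gf)
        print(f"{app} [{pol.name}] failed={report['failed']}")
        for v in report["violations"]:
            print(f"  {v['status']:7} {v['component']}@{v['version']} {v['rule']}: {v['detail']}")
```

The design choice worth noting is that waivers are keyed on component, version and rule together: upgrading the component or a new kind of finding against the same version both drop out of the waiver and become open violations again, which is what keeps a waiver from silently turning into a permanent exception.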

GO
Real User
2019-03-26T08:09:00Z
Mar 26, 2019

The application onboarding and policy grandfathering features are good and the solution integrates well with our existing DevOps tools.

EK
Real User
2019-03-06T07:41:00Z
Mar 6, 2019

It scans and gives you a low false-positive count... The reason we picked Lifecycle over the other products is, while the other products were flagging stuff too, they were flagging things that were incorrect. Nexus has low false-positive results, which give us a high confidence factor.

Axel Niering - PeerSpot reviewer
Real User
Top 5 Leaderboard
2019-02-24T10:18:00Z
Feb 24, 2019

The most valuable feature is that I get a quick overview of the libraries that are included in the application, and the issues that are connected with them. I can quickly understand which problems there are from a security point of view or from a licensing point of view. It's quick and very exact.

MK
Real User
2019-02-19T08:38:00Z
Feb 19, 2019

Among its valuable features, it's easy to handle and easy to configure, it's user-friendly, and it's easy to map and integrate.

CC
Real User
2019-02-19T08:38:00Z
Feb 19, 2019

When developers are consuming open-source libraries from the internet, it's able to automatically block the ones that are insecure. And it has the ability to make suggestions on the ones they should be using instead.
