2019-02-19T08:38:00Z

What do you like most about Sonatype Nexus Lifecycle?


Hi Everyone,

What do you like most about Sonatype Nexus Lifecycle?

Thanks for sharing your thoughts with the community!

Guest
19 Answers

Top 10, Real User

The report part is quite easy to read. The report part is very important to us because that is how we communicate to our security officer and the security committee. Therefore, we need to have a complete report that we can generate and pass onto them for review.

2020-05-03T06:36:00Z
Real User

The policy engine is really cool. It allows you to set different types of policy violations, things such as the age of the component and the quality: Is it something that's being maintained? Those are all really great in helping get ahead of problems before they arise. You might otherwise end up with a library that's end-of-life and is not going to get any more fixes.

2020-04-26T06:32:00Z
Top 5, Leaderboard, Real User

It integrates well with our existing DevOps tools because we can integrate it in our build pipeline. We can also trigger our build pipeline to create warnings and let the build fail if there is a critical vulnerability that violates our policy.

2020-03-08T10:06:00Z
Top 10, Real User

Some of the more profound features include the REST APIs. We tend to make use of those a lot. They also have a plugin for our CI/CD; we use Jenkins to do continuous integration, and it makes our pipeline build a lot more streamlined. It integrates with Jenkins very well.

2020-03-03T08:47:00Z
Real User

The REST API is the most useful for us because it allows us to drive it remotely and, ideally, to automate it.

2020-03-01T06:37:00Z
Top 5, Leaderboard, Real User

With the plugin for our IDE that Sonatype provides, we can check whether a library has security, quality, or licensing issues very easily. Which is nice because Googling for this stuff can be a bit cumbersome. By checking it before code is even committed, we save ourselves from getting notifications.

2020-03-01T06:37:00Z
Top 5, Leaderboard, Real User

The proxy repository is probably the most valuable feature to us because it allows us to be more proactive in our builds. We're no longer tied to saving components to our repository.

2020-02-27T06:23:00Z
Top 10, Real User

The integration of Lifecycle is really good with Jenkins and GitHub; those work very well. We've been able to get it to work seamlessly with them so that it runs on every build that we have.

2020-02-26T05:55:00Z
Top 5, Leaderboard, Real User

For us, it's seeing not only the licensing and security vulnerabilities but also seeing the age of the open-sources included within our software. That allows us to take proactive steps to make sure we're updating the software to versions that are regularly maintained and that don't have any vulnerabilities.

2020-02-19T08:48:00Z
Top 10, Real User

The key feature for Nexus Lifecycle is the proprietary data they have on vulnerabilities. The way that they combine all the different sources and also their own research into one concise article that clearly explains what the problem is. Most of the time, and even if you do notice that you have a problem, the public information available is pretty weak. So, if we want to assess if a problem applies to our product, it's really hard. We need to invest a lot of time digging into the problem. This work is basically done by Sonatype for us. The data that it delivers helps us with fixing or understanding the issue a lot quicker than without it.

2020-01-19T06:38:00Z
Top 5, Leaderboard, Real User

The dashboard is usable and gives us clear visibility into what is happening. It also has a very cool feature, which allows us to see the clean version available to be downloaded. Therefore, it is very easy to go and trace which version of the component does not have any issues. The dashboard can be practical, as well. It can waive a particular version of a Java file or component. It can even grandfather certain components, because in real-world scenarios we cannot always take the time to go and update something because it's not backward compatible. Having these features makes it a lot easier to use and more practical. It allows us to apply the security, without having an all-or-nothing approach.

2019-08-21T06:36:00Z
Real User

The grandfathering mode allows us to add legacy applications which we know we're not going to change or refactor for some time. New developments can be scanned separately and we can obviously resolve those vulnerabilities where there are new applications developed. The grandfathering is a good way to separate what can be factored now, versus long-term technical debt.

2019-07-08T07:42:00Z
Top 5, Leaderboard, Real User

The data quality is really good. They've got some of the best in the industry as far as that is concerned. As a result, it helps us to resolve problems faster. The visibility of the data, as well as their features that allow us to query and search - and even use it in the development IDE - allow us to remediate and find things faster.

2019-06-27T08:13:00Z
Real User

The way we can define policies and apply those policies selectively across the different applications is valuable. We can define a separate policy for public-facing applications and a separate policy for the internal applications. That is cool.

2019-06-27T06:06:00Z
Top 20, Real User

The application onboarding and policy grandfathering features are good and the solution integrates well with our existing DevOps tools.

2019-03-26T08:09:00Z
Top 20, Real User

It scans and gives you a low false-positive count... The reason we picked Lifecycle over the other products is, while the other products were flagging stuff too, they were flagging things that were incorrect. Nexus has low false-positive results, which give us a high confidence factor.

2019-03-06T07:41:00Z
Top 20, Real User

The most valuable feature is that I get a quick overview of the libraries that are included in the application, and the issues that are connected with them. I can quickly understand which problems there are from a security point of view or from a licensing point of view. It's quick and very exact.

2019-02-24T10:18:00Z
Top 20, Real User

Among its valuable features, it's easy to handle and easy to configure, it's user-friendly, and it's easy to map and integrate.

2019-02-19T08:38:00Z
Top 20, Real User

When developers are consuming open-source libraries from the internet, it's able to automatically block the ones that are insecure. And it has the ability to make suggestions on the ones they should be using instead.

2019-02-19T08:38:00Z
Updated: April 2020.