2019-02-19T08:38:00Z

What is your experience regarding pricing and costs for Sonatype Nexus Lifecycle?

Miriam Tover - PeerSpot reviewer

28 Answers

ES
Consultant
Top 20
2024-01-17T15:21:00Z
Jan 17, 2024

I would rate the affordability of the solution as an eight out of ten.

AA
Real User
Top 5 Leaderboard
2023-12-29T08:06:00Z
Dec 29, 2023

There is a licensing fee, and if you bring them to the company and you want them to do the installation and the implementation in the beginning, there is a separate cost. Similarly, if you want consultation or training, there is a separate cost. I see it as suitable only for enterprises. I do not see it suitable for a small business or individual use. In the future, if they have other versions for smaller organizations or individuals who want to install it on their machines and use it, it would be good.

JB
Real User
Top 5
2023-12-29T08:04:00Z
Dec 29, 2023

Their licensing is expensive.

NS
Real User
Top 10
2023-12-29T07:59:00Z
Dec 29, 2023

From our standpoint, we are significantly better off with Fortify due to the favorable pricing we secured five years ago. I'm unable to comment on their current pricing; however, I am aware that switching to a different vendor like Checkmarx would result in considerably higher costs. It appears that we're paying a premium for the robustness of their design rather than being able to benefit from the pricing that was previously negotiated.

VF
Real User
Top 10
2023-12-29T07:55:00Z
Dec 29, 2023

Although I am not responsible for the budget, Fortify SAST is expensive.

Maurizio Garofalo - PeerSpot reviewer
Real User
Top 10
2023-12-29T07:51:00Z
Dec 29, 2023

In terms of capabilities, the solution has all the capabilities necessary for the activity required. It's more economical than the other Big Three in the market as well. The price, overall, is quite good.

AA
Real User
Top 5 Leaderboard
2023-10-26T09:59:00Z
Oct 26, 2023

There is a licensing fee, and if you bring them to the company and you want them to do the installation and the implementation in the beginning, there is a separate cost. Similarly, if you want consultation or training, there is a separate cost. I see it as suitable only for enterprises. I do not see it suitable for a small business or individual use. In the future, if they have other versions for smaller organizations or individuals who want to install it on their machines and use it, it would be good.

Finto Thomas - PeerSpot reviewer
Real User
Top 10
2023-01-20T15:22:38Z
Jan 20, 2023

Their pricing is within the same range as the enterprise bundle, around $50,000 US dollars.

LR
Real User
Top 20
2022-10-28T13:36:41Z
Oct 28, 2022

In comparison with other tools, Sonatype Nexus Lifecycle could be more expensive. Still, at the same time, my company prioritizes security, so the pricing for Sonatype Nexus Lifecycle hasn't been an issue. If IT security weren't at the top of the list for my company, somebody would have raised the question about cost and how Sonatype Nexus Lifecycle is in terms of ROI. So far, there's been no question about the price. The cost of Sonatype Nexus Lifecycle hasn't been a problem so far. My company pays for the license yearly, plus technical support.

Chris Coetzee - PeerSpot reviewer
Real User
Top 10
2022-05-05T15:16:19Z
May 5, 2022

Nexus Lifecycle manager has a license for each server you deploy. You also pay a charge per user, including developers, release managers, and anybody else involved in the software development lifecycle. The price is fair for the value you get, but customers always want it cheaper.

IV
Real User
2021-09-02T18:22:00Z
Sep 2, 2021

There are additional costs in commercial offerings for add-ons such as Nexus Container or IDE Advanced Toolkit. They come with additional fees or licenses.

SS
Real User
2021-09-02T14:10:00Z
Sep 2, 2021

Given the number of users we have, it is one of the most expensive tools in our portfolio, which includes some real heavy-duty tools such as GitLab, Jira, etc. It is definitely a bit on the expensive side, and the ambiguity in how the licenses are calculated adds to the cost as well. If there is a better understanding of how the licenses are being calculated, there would be a better agreement between the two parties, and the cost might also be a little less. There is no extra cost from Sonatype. There is an operational cost on the BT side in terms of resources, etc.

RS
Real User
2021-03-19T17:22:00Z
Mar 19, 2021

It's expensive, but you get what you pay for. There were no problems with the base license and how they do it. It was transparent. You don't have to worry. You can scan to your heart's delight. They're pretty much based on co-contributing developers, so if you have auditors or AppSec, that doesn't count against your total. We're not using their Advanced Development Pack because it costs more money. That is a sore spot. We're not using the Infrastructure as Code Pack or the Advanced Legal Pack because there hasn't really been a lot of appetite to use the DLC mode. That's a criticism I have of Sonatype. I understand they want to get paid, everybody does, but they're adding new features to the product as add-on purchases, as opposed to just improving the product. You pay for a subscription to the product. If we had bought a permanent license and we weren't paying a subscription, I could see it working that way. But I don't like the fact that we pay a subscription but we're not getting these features because they want to charge more for these packs. I have told them that. I have said, "I don't like this model. We're paying you guys a lot of money already. Why are we having to be quoted to pay even more?" Maybe our subscription only pays for the data and the support, and if so, that's fine, but they weren't very transparent. They're saying, "Hey, we're going to be developing new features and capabilities, but they're going to cost more." As far as vendors go they're a good vendor, but this is one thing that they started doing that I don't like. I don't like the whole "pack" mentality they've got going now. "We're going to come up with cool new features, dangle them in front of you, and then say, 'Hey, we know you're already paying a bunch of money per year for a sub, but you're going to have to pay more if you want this.'" It rubs me the wrong way. They only started coming out with these packs in the past year or so. 
I'll say, "I wish the product did this," and they'll say, "Oh, we're working on a pack to do that, but it'll cost money." I had to move mountains to get the money to pay for the base product. It's not cheap. I don't know if they think we've got a money printing machine hiding in the back, but we don't.

Finto Thomas - PeerSpot reviewer
Real User
Top 10
2021-03-17T03:28:00Z
Mar 17, 2021

Cost is a drawback. It's somewhat costly.

BS
Real User
2020-07-05T09:38:00Z
Jul 5, 2020

I'm not familiar with the pricing in detail, but I believe it was pretty reasonably priced, compared to the market.

AB
Real User
2020-07-05T09:38:00Z
Jul 5, 2020

I don't know anything about the pricing. I know that our license is the most encompassing one you can get. It includes the IQ server (Lifecycle, Firewall) and the Repository Manager Pro. Firewall is really useful for us to keep an eye on our proxy repositories for vulnerabilities. That's another layer of helping us make sure that we don't have vulnerable products. The expense is justifiable because of the potential to save a company a lot of money in lawsuits and risks from having vulnerable packages in their applications.

MA
Real User
2020-07-02T10:06:00Z
Jul 2, 2020

Lifecycle, to the best of my recollection, had the best pricing compared with other solutions.

ME
Real User
2020-03-03T08:47:00Z
Mar 3, 2020

I'm not involved in the financial aspects, but I don't think it's overly expensive. We use the professional version. There's an open-source version that would cost us next to nothing, but we do use the professional version.

RV
Real User
2020-03-01T06:37:00Z
Mar 1, 2020

In addition to the license fee for IQ Server, you have to factor in some running costs. We use AWS, so we spun up an additional VM to run this. If the database is RDS that adds a little bit extra too. Of course someone could run it on a pre-existing VM or physical server to reduce costs. I should add that compared to the license fee, the running costs are so minimal they had no effect on our decision to use IQ Server. The license fee may be a bit harder for startups to justify. But it will save you a headache later as well as peace of mind. Additionally, it shows your own customers that you value security stuff and will protect yourselves from any licensing issues, which is good marketing too.

WK
Real User
2020-02-27T06:23:00Z
Feb 27, 2020

We pay yearly.

AC
Consultant
2020-02-19T08:48:00Z
Feb 19, 2020

We pay on a yearly basis.

FT
Real User
2020-01-19T06:38:00Z
Jan 19, 2020

The price is good. We certainly get a lot more in return. However, it's also hard to get the funds to roll out such a product for the entire firm. Therefore, pricing has been a limiting factor for us. However, it's a fair price, and I'm confident that we can sell this story appropriately.

LH
Real User
2019-07-08T07:42:00Z
Jul 8, 2019

Our licensing is bundled. We pay a single licensing cost for both Nexus OSS and Nexus Lifecycle together. So I'm not sure what the individual costs would be. We bought both Nexus Repo - we're using Nexus 2.0 and Nexus 3.0 - and Nexus Lifecycle.

RW
Real User
2019-06-27T08:13:00Z
Jun 27, 2019

Pricing is decent. It's not horrible. It's middle-of-the-road, as far as our ranking goes. They're a little bit more but that's also because they provide more. They put more manpower and time into their research - the details on their findings and the way they bring those to the surface. They offer some more features that others don't have, so I understand why it's a little bit more. They were pretty good with us on pricing, working through it.

AM
Real User
2019-06-27T06:06:00Z
Jun 27, 2019

Pricing is comparable with some of the other products. We are happy with the pricing.

EK
Real User
2019-03-06T07:41:00Z
Mar 6, 2019

We're pretty happy with the price, for what it is delivering for us and the value we're getting from it.

Axel Niering - PeerSpot reviewer
Real User
Top 5 Leaderboard
2019-02-24T10:18:00Z
Feb 24, 2019

Its pricing is competitive within the market. It's not very cheap, it's not very expensive.

MK
Real User
2019-02-19T08:38:00Z
Feb 19, 2019

The licensing is okay. Compared to IBM, Sonatype is good.

Sonatype Lifecycle is an open-source security and dependency management software that uses only one tool to automatically find open-source vulnerabilities at every stage of the System Development Life Cycle (SDLC). Users can now minimize security vulnerabilities, permitting organizations to enhance development workflow. Sonatype Lifecycle gives the user complete control over their software supply chain, allowing them to regain wasted time fighting risks in the SDLC. In addition, this software...