Sonatype Reviews

ColinStandish
Real User
Project Manager at a hospitality company with 10,001+ employees
Oct 16 2019

How has it helped my organization?

The key benefit we get from it is speed to delivery. It has improved our overall time to get new applications out with new code. That's true whether from a platform perspective, where we are quickly…

What needs improvement?

We've had some challenges around the database they use. We've had some big outages, and it's due to the fact that we haven't found the database they use to be all that stable. I think they've realized…

What's my experience with pricing, setup cost, and licensing?

One of the challenges we had around licensing was how to deal with anonymous requests. According to the letter of the contract, an anonymous request consumes a license. We had to do some work to get…

Which solution did I use previously and why did I switch?

We were using the open-source and free version of Nexus. Prior to that we weren't using a competing solution. We liked most of the things that we got with the free version. The extra capabilities we…

What other advice do I have?

Talk to Sonatype about how flexible they can be around their licensing. We did purchase 500 licenses, but initially we were around 20. Rather than paying for the whole thing, I would say, "If we…

Which other solutions did I evaluate?

We didn't look at any of the competing products at the time because we were happy with what we're getting from the open-source product. And we were happy with the conversation that we had with…

Christophe Arnaud
Real User
Engineering Manager at a tech vendor with 10,001+ employees
Jul 04 2019

What is most valuable?

The most important feature of Nexus Repository Manager is the storing and sharing of components. For Nexus IQ, it's the scanning of projects and the rating of…

How has it helped my organization?

Regarding Nexus Repository Manager, using the product has allowed us to have an official and strong repository that is able to store and to manage access rights regarding…

What needs improvement?

One of our main concerns would be about plugging Nexus IQ into JIRA to be able to automatically raise issues whenever we have a policy violation in a scan. The second main…

What's my experience with pricing, setup cost, and licensing?

Nexus Repository Manager Pro is quite affordable because it's about €100, per user, per year. Purchasing licenses was not really a big issue for us. Regarding Nexus IQ…

Which solution did I use previously and why did I switch?

We didn't have any solution before Sonatype.

What other advice do I have?

Before deploying Nexus Repository Manager, really focus on the architecture that will be deployed. It will impact all the users who will have to use Repository Manager…

Which other solutions did I evaluate?

For Repository Manager we did a comparison with Artifactory. Regarding Nexus IQ, we did a comparison with Palamida which is now Flexera. We also did a comparison with…

Wes Kanazawa
Real User
Sr. DevOps Engineer at Primerica
Mar 03 2020

What is most valuable?

The proxy repository is probably the most valuable feature to us because it allows us to be more proactive in our builds. We're no longer tied to saving components to our…

How has it helped my organization?

It's allowed our developers, instead of waiting till the last minute before a release, to know well ahead of time that the components are bad and they are able to…

What needs improvement?

It would be helpful if it had a more detailed view of what has been quarantined, for people who don't have Lifecycle licenses. Other than that, it's pretty good.

What's my experience with pricing, setup cost, and licensing?

We pay yearly.

Which solution did I use previously and why did I switch?

We didn't have something that does what a firewall does. We used a different repository and used Nexus IQ to do the enforcement of policies by scanning OSS's individually…

What other advice do I have?

My advice would be to use it as soon as you can. Get it implemented into your environment as quickly as you can because it's going to help. Once you get it, get your devs…

Which other solutions did I evaluate?

I looked at a few others, like Black Duck, and I was not impressed by them. I didn't get a chance to actually use Black Duck but everything I read said that Black Duck…

Ricardo Van Den Broek
Real User
Software Architect at a tech vendor with 11-50 employees
Mar 19 2020

What is most valuable?

IQ Server also checks the overall quality of a library. Often as a developer, to solve a certain programming problem we do some research online and may find suggested open…

How has it helped my organization?

One of the things that it detected was a small library that we use to generate PDFs. It pointed out this needed a purchased license. We had already bought the license…

What needs improvement?

One of the things that we specifically did ask for is support for transitive dependencies. Sometimes a dependency that we define in our POM file for a certain library will…

What's my experience with pricing, setup cost, and licensing?

In addition to the license fee for IQ Server, you have to factor in some running costs. We use AWS, so we spun up an additional VM to run this. If the database is RDS that…

Which solution did I use previously and why did I switch?

We were using a product before and weren't super happy with it. I found this solution through an Instagram ad. I don't even know how it popped up there, but it was an ad…

What other advice do I have?

Do it as early as possible. You will have to clean up sooner or later. I remember when we fired it up it immediately found things that the last solution didn't find. This…

Which other solutions did I evaluate?

We did not evaluate other options. Though, we did compare it to what we were using. When we looked at what Sonatype did and how it was able to run in the cloud, we were…

Russell Webster
Real User
VP and Sr. Manager at a financial services firm with 1,001-5,000 employees
Nov 27 2019

What is most valuable?

Its core features are the most valuable:
* protection
* scanning
* detection
* notification of vulnerabilities
It's important for us as an enterprise to continually and…

How has it helped my organization?

Without it we didn't have any way to detect vulnerabilities except through reactive measures. It's allowed us to be proactive in our approach to vulnerability detection…

What needs improvement?

Overall, it's pretty good. The drill-through and search capabilities are pretty good, they're not horrible. As far as the relationship of, and ease of finding the…

What's my experience with pricing, setup cost, and licensing?

Pricing is decent. It's not horrible. It's middle-of-the-road, as far as our ranking goes. They're a little bit more but that's also because they provide more. They put…

Which solution did I use previously and why did I switch?

We did not have a solution with this type of capabilities. We had some type of Nexus product but we layered this on top. We didn't have that capability.

What other advice do I have?

In the early stages of planning and design for rolling this out, ensure that you get all of your stakeholders involved; those who will have an input on the policy…

Which other solutions did I evaluate?

We looked at Artifactory as well. We went with Sonatype because it is more comprehensive, it's a market leader, has a great feature set, and support is really good. It's a…

Andy Cox
Real User
Product Strategy Group Director at Civica
Mar 03 2020

What is most valuable?

For us, it's seeing not only the licensing and security vulnerabilities but also seeing the age of the open-sources included within our software. That allows us to take…

How has it helped my organization?

The solution has improved the way our company functions in terms of the way that developers think about the components that are being built into their products, making…

What needs improvement?

We use Azure DevOps as our application lifecycle management tool. It doesn't integrate with that as well as it does with other tools at the moment, but I think there's…

What's my experience with pricing, setup cost, and licensing?

We pay on a yearly basis.

Which solution did I use previously and why did I switch?

Our company tried with Black Duck, but that was it.

What other advice do I have?

I would definitely recommend understanding what you're trying to achieve. For us it's quite clear that we want, for the moment, to protect our IP and to identify security…

Which other solutions did I evaluate?

We do a supplier selection every couple of years. One solution that we've evaluated is Black Duck, for example, but it didn't seem to be as stable as the Sonatype…

Real User
Sr Lead Solution Services at a financial services firm with 201-500 employees
Aug 25 2019

What is most valuable?

The scanning is fantastic. The dashboard is usable and gives us clear visibility into what is happening. It also has a very cool feature, which allows us to see the clean version available to be downloaded. Therefore, it is very easy to go…

How has it helped my organization?

We have increased the digital footprint of our company over the last few, extensively. We have extensive open source development happening which depends on open source components. Using the scanning with Nexus IQ, a lower count of false…

What needs improvement?

We use Gradle a lot for integrating into our local builds with the IDE, which is another build system. There is not a lot of support for it nor published modules that can be readily used. So, we had to create our own. No Gradle plugins…

Which solution did I use previously and why did I switch?

Nexus was our first implementation.

Which other solutions did I evaluate?

We evaluated different Black Duck and WhiteSource, but chose Nexus because we felt it was the best product offered. In early 2017, Black Duck had an approach of uploading everything all at one time, then coming back later to see the report…