Bitbucket is a Git repository and code collaboration platform, featuring automated testing and code deployment. Bitbucket Cloud Premium provides AI-powered development, more granular access controls, and enforced code quality, and Bitbucket Data Center provides a self-hosted option.
$0
Sonatype Platform
Score 8.7 out of 10
Enterprise companies (1,001+ employees)
Sonatype secures the software supply chain and protects organizations' vital software development lifecycle(SDLC). The platform unites security teams and developers to accelerate digital innovation without sacrificing security or quality across the SDLC. With users among more than 2,000 organizations and 15 million software developers, Sonatype tools and guidance help users to deliver and maintain exceptional and secure software.
$0
for use of the Sonatype Nexus Repository Community Edition
As a team we need to push code into the repo on daily basis, Bitbucket has proven that is a reliable and secure server to save and get the code available in no time. The administration part is really easy and there's an extra tool for every developer profile either if you want to use the console or a GUI like Sourcetree.
- Guidance on remediation is very good - Vulnerability detection is very good - Support is very good - Ability to ask PMs/POs open questions at Office Hours every month is very good - Support for languages is lacking (TIOBE Index Top20) - Some features are un-neededly hidden and make the usage more complex then it needs to be
Very easy to integrate with other DevOps tools like Jenkins and with project/workflow management tools like JIRA.
Very efficient in managing security and compliance standards for code, especially during pull requests, merge requests, branching, etc.
Very robust in performance, especially the cloud and datacenter versions hardly hit any performance issues and supports more than 2000+ developers in my company.
Nexus firewall is a great feature enabled for all our proxy repositories which are used to download the third-party opensource packages.
Nexus IQ is integrated with build stage to analyze the component against evaluation policy. This helps to figure out the application security standards.
Nexus IQ is also having a feature to scan container images before it uploads to our private repository. This is great feature for container platforms.
All products have room for improvement. The system improves over time with better and better integrations and I look forward to even more features without paying extra! The system has increased transparency across my organization and with this transparency comes increased throughput on projects. I don't think I can go back to any other system and we are definitely married to this product.
Sonatype supports more than 200 dev(s). It proves with the repository to store the artifacts. Allows for governance of open source software used by the different teams. It is used by security teams to scan for vulnerabilities in software(s) and in the deployed containers. It helps ensure code quality.
The architecture of Bitbucket makes it more easily scalable than other source code management repositories. Also, administration and maintaining the instance is very easy. It integrates with JIRA and other CI/CD applications which makes it more useful to reduce the efforts. It supports multiple plugins and those bring a lot of extra functionality. It increases the overall efficiency and usefulness of Bitbucket.
Overall experience is great with the Platform; however, I see some opportunity with upgrading the platform as it is missing with data of historical scans to allow reviewer to get view of trend how the application/product development team is considering fixing the issues.
Sonatype products are great value as I said but a few areas like how products use underlying resources in order to make it further lightweight, is something I would like them to consider.
The customer support provided by Atlassian (Bitbucket's parent company that also makes Jira, Confluence, etc.) is very helpful. They seem to be very concerned about any issues reported with their products and even just questions about functionality. They are constantly improving the products with new features in nearly every release. Plus they have a plethora of online documentation to reference.
For the features we were looking at, Bitbucket, GitHub and GitLab were all at par and were in a similar price range. We found that GitHub was the most full featured should we need to scale very quickly. GitLab was at par with GitHub for our future needs, but GitHub was a more familiar tool compared to GitLab. Bitbucket won out because of its close integration with Jira and being in the Atlassian family. It was also cheaper than GitHub. As we started with Jira, Bitbucket addition became a natural next step for us. We really liked Bitbucket and stayed with it but we do know we have great options in the form of GitHub and GitLab should we need to scale fast.
Out of other products we evaluated before choosing Sonatype, the later looked far more user friendly, easy to understand and work with. This was key for us, as the tool needs to be used by many engineers that don't have security as their main focus. Having a tool that is easy to understand and work with, makes the process of evaluating open source dependencies much easier and appealing for developers.
