Skip to main content
TrustRadius
Sonatype Platform

Sonatype Platform

Overview

What is Sonatype Platform?

Sonatype secures the software supply chain and protects organizations' vital software development lifecycle(SDLC). The platform unites security teams and developers to accelerate digital innovation without sacrificing security or quality across the SDLC. With users among more than 2,000 organizations and…

Read more
Recent Reviews

Lives up to the hype

10 out of 10
December 05, 2023
We have been utilizing Repository Manager and Lifecyle for approximately five years now. The entire software development team interacts …
Continue reading
Read all reviews

Reviewer Pros & Cons

View all pros & cons
Verified User
Contributor in Information Technology
Telecommunications Company, 5001-10,000 employees
Verified User
Manager in Information Technology
Retail Company, 10,001+ employees
Return to navigation

Pricing

View all pricing

Sonatype Nexus Repository

$145

On Premise
per year per user

Sonatype Air-Gapped Environment Nexus Repository

$175

On Premise
per year per user

Sonatype Repository Firewall

$224

On Premise
per year per user

Entry-level set up fee?

  • Setup fee required
    Required
For the latest information on pricing, visithttps://www.sonatype.com/nexus/product…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Starting price (does not include set up fee)

  • $165 Per user per month, billed annually per user
Return to navigation

Product Details

What is Sonatype Platform?

Sonatype secures the software supply chain and protects organizations' vital software development lifecycle(SDLC). The platform unites security teams and developers to accelerate digital innovation without sacrificing security or quality across the SDLC. With users among more than 2,000 organizations and 15 million software developers, Sonatype tools and guidance help users to deliver and maintain exceptional and secure software. Core product offerings include:
  1. Sonatype Repository Firewall the first line of defense against against software supply chain attacks. It blocks malicious and suspicious packages, prevents known vulnerabilities and harmful open source releases from downloading into the repository, and automatically releases cleared components back into the development pipeline.
  2. Sonatype Lifecycle enables continuous monitoring of business critical applications that have been released or deployed to determine risk level and remediate vulnerabilities faster, with precise component intelligence. This helps to prevent unplanned work, security breaches, and maintainability issues with early detection and remediation.
  3. Sonatype Nexus Repository helps manage components, binaries and build artifacts across the entire software supply chain, serving billions of components to developers weekly so they can build more quickly and reliably.

Sonatype Platform Features

  • Supported: Continuous Monitoring
  • Supported: Policy Enforcement
  • Supported: Integrations and Language Support
  • Supported: Reporting & Analytics
  • Supported: Remediation
  • Supported: Flexible deployment options (Cloud, Self-hosted, Air-gapped)
  • Supported: Scalability
  • Supported: SBOM
  • Supported: Protection from unknown vulnerabilities
  • Supported: Hosted repository protection from namespace confusion attack
  • Supported: Suspicious auto-quarantine
  • Supported: Automated version replacement for dependencies
  • Supported: Support for artifactory enterprise

Sonatype Platform Screenshots

Screenshot of Sonatype LifecycleScreenshot of Sonatype Lifecycle - Chrome extensionScreenshot of Sonatype Advanced Legal PackScreenshot of Sonatype Nexus RepositoryScreenshot of Sonatype Nexus Repository ManagerScreenshot of Remediation of vulnerabilitiesScreenshot of Sonatype Lifecycle IntegrationsScreenshot of Sonatype Repository Firewall

Sonatype Platform Videos

"Run Anywhere" with Sonatype
Full Spectrum Software Supply Chain Automation

Sonatype Platform Integrations

Sonatype Platform Competitors

Sonatype Platform Technical Details

Deployment TypesOn-premise, Software as a Service (SaaS), Cloud, or Web-Based
Operating SystemsWindows, Linux, Mac
Mobile ApplicationNo
Supported CountriesNorth America, EMEA, APJ, Latin America
Supported LanguagesEnglish

Sonatype Platform Downloadables

Frequently Asked Questions

Sonatype Platform starts at $165.

Snyk, Veracode, and Black Duck Software Composition Analysis (SCA) are common alternatives for Sonatype Platform.

The most common users of Sonatype Platform are from Enterprises (1,001+ employees).

Sonatype Platform Customer Size Distribution

Consumers0%
Small Businesses (1-50 employees)0%
Mid-Size Companies (51-500 employees)10%
Enterprises (more than 500 employees)90%
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(18)

Attribute Ratings

Reviews

(1-1 of 1)
Companies can't remove reviews or game the system. Here's why
March 20, 2024

SonaType Nexus: Best platform for managing artifacts

Verified User
Contributor in Information Technology
Telecommunications Company, 5001-10,000 employees
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Use Cases and Deployment Scope
In our organization we use Sonatype's Nexus Platform to manage repositories, artifacts like docker images and libraries and to distribute/share artifacts amongst different teams. Integrates well with gitlab/github repositories making it a good choice as repository manager. It has web browser to browse different artifacts and manage the artifacts (deprecate the ones not required)
Some teams use Nexus Lifecycle to identify vulnerabilities in build components and has been great help!
Pros and Cons
  • Store and share artifacts likes java libraries and docker images
  • Find vulnerabilities and malicious code in the builds using LifeCycle
  • Integrates quite well with Gitlab ci/cd and provides
  • Managing/browsing different artifacts in the repo
  • UI can be improved. The error messages can be made clearer.
  • Repository mirroring between Nexus and Artifactory breaks from time to time
  • We have run into issues with Nexus and various plug-ins specifically maven from time to time.
Likelihood to Recommend
We use two modules of Sonatype Nexus platform, Nexus LifeCycle and Nexus Repository.
  • Nexus Repository: Nexus Repository is a good choice for being a repository manager. IAs such it does a good job of mirroring external repositories like artifactory etc. It saves network bandwidth/hard ware costs by allowing the teams to share artifacts with each other. Repository UI allows managing different artifacts. For bulk operations, CLI provides a value add. Support is available and helpful. Its a great choice is one is looking for repository manager which comes with support.
  • Nexus LifeCycle : Provides checking the vulnerabilities in the builds. It is probably the best thing which Nexus offers. It comes with its REST api. Artifacts can be checked before getting deployed.
Most Important Features
  • Management of artifact's using Sonatype Repository manager
  • Checking for Vulnerabilities using Sonatype's LifeCycle
  • Sharing of artifacts using Nexus Repository
  • Integration with Gitlab for CI/CD operations
Return on Investment
  • Sonatype Nexus has a positive ROI my organization. It has saved cost of hardware and network bandwidth by acting as repository manager
  • It has eliminated vulnerability threats by checking the components for security risk and vulnerabilities
  • It has allowed the management of the artifacts thus saving on the disk space on servers
Alternatives Considered
Sonatype nexus platform is an excellent choice in comparison to the other products. As a platform it is a combination of various modules plus it comes with the support. So its a great choice for organizations which are not looking for open source. Nexus comes with LifeCycle and IQ servers. Lifecycle performs the vulnerability assessment on the builds/artifacts thus making sure the systems are not compromised.
Other products are good choice if one is looking for open-source as repository manager. They are not a platform.
Other Software Used
Users and Roles
200
Sonatype platform is used by the various teams which includes security compliance, software governance teams and developers The nexus repository is the since source of truth for all artifacts. LCM helps with the automation of open sources selection. Security teams use various features of platform to perform vulnerability scanning of various containers and artifacts.
Support Headcount Required
8
The skills of the team varies. The profile includes Network Engineers who are responsible for managing firewalls and access. System Admins are responsible for maintaining the user access, repos and troubleshooting admin problems Devops is involved in creating various scripts to create repos and creating custom cleanup policies using groovy.
Business Processes Supported
  • Vulnerability scanning
  • Opensource governance
  • Artifact repository
Innovative Uses
  • Allowing policy compliant packages
  • Performing software composition analysis
  • Container image scanning
Future Planned Uses
  • Operational Risk Analysis (info on outdated software)
  • Create tickets from software vulnerability automatically
  • Use auditor function
Likelihood to Renew
8
Sonatype supports more than 200 dev(s). It proves with the repository to store the artifacts. Allows for governance of open source software used by the different teams. It is used by security teams to scan for vulnerabilities in software(s) and in the deployed containers. It helps ensure code quality.
Return to navigation