TrustRadius

Sonatype Platform

Recent Reviews

Lives up to the hype (10 out of 10, December 05, 2023)

We have been utilizing Repository Manager and Lifecycle for approximately five years now. The entire software development team interacts …


Pricing

  • Sonatype Nexus Repository: $145 per user per year (On Premise)
  • Sonatype Air-Gapped Environment Nexus Repository: $175 per user per year (On Premise)
  • Sonatype Repository Firewall: $224 per user per year (On Premise)

Entry-level set up fee: Setup fee required

For the latest information on pricing, visit https://www.sonatype.com/nexus/product…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Starting price (does not include set up fee)

  • $165 Per user per month, billed annually per user

Product Details

What is Sonatype Platform?

Sonatype secures the software supply chain and protects organizations' vital software development lifecycle (SDLC). The platform unites security teams and developers to accelerate digital innovation without sacrificing security or quality across the SDLC. With users among more than 2,000 organizations and 15 million software developers, Sonatype tools and guidance help users to deliver and maintain exceptional and secure software. Core product offerings include:
  1. Sonatype Repository Firewall is the first line of defense against software supply chain attacks. It blocks malicious and suspicious packages, prevents known vulnerabilities and harmful open source releases from downloading into the repository, and automatically releases cleared components back into the development pipeline.
  2. Sonatype Lifecycle enables continuous monitoring of business critical applications that have been released or deployed to determine risk level and remediate vulnerabilities faster, with precise component intelligence. This helps to prevent unplanned work, security breaches, and maintainability issues with early detection and remediation.
  3. Sonatype Nexus Repository helps manage components, binaries and build artifacts across the entire software supply chain, serving billions of components to developers weekly so they can build more quickly and reliably.

Sonatype Platform Features

  • Supported: Continuous Monitoring
  • Supported: Policy Enforcement
  • Supported: Integrations and Language Support
  • Supported: Reporting & Analytics
  • Supported: Remediation
  • Supported: Flexible deployment options (Cloud, Self-hosted, Air-gapped)
  • Supported: Scalability
  • Supported: SBOM
  • Supported: Protection from unknown vulnerabilities
  • Supported: Hosted repository protection from namespace confusion attack
  • Supported: Suspicious auto-quarantine
  • Supported: Automated version replacement for dependencies
  • Supported: Support for Artifactory Enterprise

Sonatype Platform Screenshots

  • Screenshot of Sonatype Lifecycle
  • Screenshot of Sonatype Lifecycle - Chrome extension
  • Screenshot of Sonatype Advanced Legal Pack
  • Screenshot of Sonatype Nexus Repository
  • Screenshot of Sonatype Nexus Repository Manager
  • Screenshot of Remediation of vulnerabilities
  • Screenshot of Sonatype Lifecycle Integrations
  • Screenshot of Sonatype Repository Firewall

Sonatype Platform Videos

"Run Anywhere" with Sonatype
Full Spectrum Software Supply Chain Automation

Sonatype Platform Technical Details

  • Deployment Types: On-premise, Software as a Service (SaaS), Cloud, or Web-Based
  • Operating Systems: Windows, Linux, Mac
  • Mobile Application: No
  • Supported Countries: North America, EMEA, APJ, Latin America
  • Supported Languages: English

Frequently Asked Questions

Sonatype Platform starts at $165.

Snyk, Veracode, and Black Duck Software Composition Analysis (SCA) are common alternatives for Sonatype Platform.

The most common users of Sonatype Platform are from Enterprises (1,001+ employees).

Sonatype Platform Customer Size Distribution

  • Consumers: 0%
  • Small Businesses (1-50 employees): 0%
  • Mid-Size Companies (51-500 employees): 10%
  • Enterprises (more than 500 employees): 90%


Reviews and Ratings (18)

Reviews (12)
Score 8 out of 10 (Vetted Review, Verified User, Incentivized)
  • Store and share artifacts like Java libraries and Docker images
  • Find vulnerabilities and malicious code in the builds using Lifecycle
  • Integrates quite well with GitLab CI/CD and provides
  • Managing/browsing different artifacts in the repo
  • UI can be improved. The error messages can be made clearer.
  • Repository mirroring between Nexus and Artifactory breaks from time to time
  • We have run into issues with Nexus and various plug-ins, specifically Maven, from time to time.
Lives up to the hype (December 05, 2023)

Score 10 out of 10 (Vetted Review, Verified User)
  • Easy integration and automation with CI/CD pipeline
  • Block unsupported packages
  • Developer friendly vulnerability reports
  • Vulnerability reporting
  • easily manage custom artifacts
  • Better abilities to share vulnerability reports
  • VS 2022 plugin is here, but it would be nice to use the plugin without having to specify an app within Lifecycle
Score 8 out of 10 (Vetted Review, Verified User)
  • Security scanning and vulnerabilities management
  • Policy enforcement on component usage
  • Real-time monitoring of components throughout the SDLC
  • Provides reporting on vulnerability assessments
  • Sonatype Platform support is quite responsive
  • Limited feature in IDE plugins
  • Provide alternate component where no new version fix for vulnerability exists
  • Reporting can be improved
  • Some functionalities are not there in UI and not accessible via API
Score 10 out of 10 (Vetted Review, Verified User, Incentivized)
  • Vulnerability identification and best path to remediation.
  • Very well supported platform - exceptional customer service.
  • Ongoing monitoring of last released BOM per application and alerting of new vulnerabilities.
  • Recommendations for best Energy Consumption options based on existing BOM - e.g. replace component X with component Y to reduce CPU cycles.
  • More specific recommendations regarding Open Source Licensing - not just saying "Copyleft" but the next level of analysis (it's difficult - but would save a lot of time)
  • Provide specific component replacement options where no "next version" resolves a high severity vulnerability.
Score 8 out of 10 (Vetted Review, Verified User)
  • Nexus Firewall is a great feature, enabled for all our proxy repositories which are used to download third-party open source packages.
  • Nexus IQ is integrated with the build stage to analyze components against the evaluation policy. This helps to figure out the application security standards.
  • Nexus IQ also has a feature to scan container images before they are uploaded to our private repository. This is a great feature for container platforms.
  • Nexus IQ policy creation
  • Nexus repository manager clean up policy.
  • Nexus firewall quarantine auto release
Score 9 out of 10 (Vetted Review, Verified User)
  • Advice on remediation of vulnerabilities in open source components
  • Support for the top 20 most commonly used software development languages/frameworks/packages
  • Protection against threats from an early stage in the threat lifecycle
  • Support for the end-of-life lifecycle of known open source components that are going end of life or have already gone end of life
  • Support for emerging infrastructure as code frameworks
  • Support for native/default retention, archiving and clean-up policies for hosted repositories
Score 8 out of 10 (Vetted Review, Verified User)
  • Block unwanted open source libraries from entering our environment
  • Provides an appropriate level of information to help our developers identify and remediate vulnerabilities.
  • Cost effective enterprise management of open source libraries.
  • Provides enterprise level reporting on our vulnerability footprint.
  • Sonatype Platform architecture is antiquated and needs to be updated to modern technologies.
  • Sonatype Platform UI is lacking in several basic usability features
  • There needs to be better features and support for their IDE plugins.
Score 9 out of 10 (Vetted Review, Verified User, Incentivized)
  • Scan all open source dependencies, looking for vulnerabilities
  • Detailed information about each vulnerability
  • Great customer support!
  • Container scanning is cumbersome, difficult to get it working
  • If you look at a scan result in the dashboard, you cannot see the git branch where it was produced (you only see the commit hash)
Score 8 out of 10 (Vetted Review, Verified User, Incentivized)
  • Manage different versions of Java artifacts.
  • Works as a package manager for JavaScript based apps.
  • User management integrated with our company Active Directory server.
  • The user interface is complex and not easy to understand for first time users.
  • The administration and configuration is kind of complex.
Score 8 out of 10 (Vetted Review, Verified User, Incentivized)
  • Keep track of built artifacts.
  • Makes it possible to browse available artifacts.
  • Search and find new libraries and their latest version.
  • User interface could be improved.
  • Integration with development IDE could be improved.