SonaType Nexus: Best platform for managing artifacts
Updated March 20, 2024
SonaType Nexus: Best platform for managing artifacts
Score 8 out of 10
Vetted Review
Verified User
Modules Used
- Nexus Repository
- Nexus Container
- Sonatype Lift
Overall Satisfaction with Sonatype Platform
In our organization we use Sonatype's Nexus Platform to manage repositories, artifacts like docker images and libraries and to distribute/share artifacts amongst different teams. Integrates well with gitlab/github repositories making it a good choice as repository manager. It has web browser to browse different artifacts and manage the artifacts (deprecate the ones not required)
Some teams use Nexus Lifecycle to identify vulnerabilities in build components and has been great help!
Some teams use Nexus Lifecycle to identify vulnerabilities in build components and has been great help!
- Store and share artifacts likes java libraries and docker images
- Find vulnerabilities and malicious code in the builds using LifeCycle
- Integrates quite well with Gitlab ci/cd and provides
- Managing/browsing different artifacts in the repo
- UI can be improved. The error messages can be made clearer.
- Repository mirroring between Nexus and Artifactory breaks from time to time
- We have run into issues with Nexus and various plug-ins specifically maven from time to time.
- Management of artifact's using Sonatype Repository manager
- Checking for Vulnerabilities using Sonatype's LifeCycle
- Sharing of artifacts using Nexus Repository
- Integration with Gitlab for CI/CD operations
- Sonatype Nexus has a positive ROI my organization. It has saved cost of hardware and network bandwidth by acting as repository manager
- It has eliminated vulnerability threats by checking the components for security risk and vulnerabilities
- It has allowed the management of the artifacts thus saving on the disk space on servers
Sonatype nexus platform is an excellent choice in comparison to the other products. As a platform it is a combination of various modules plus it comes with the support. So its a great choice for organizations which are not looking for open source. Nexus comes with LifeCycle and IQ servers. Lifecycle performs the vulnerability assessment on the builds/artifacts thus making sure the systems are not compromised.
Other products are good choice if one is looking for open-source as repository manager. They are not a platform.
Other products are good choice if one is looking for open-source as repository manager. They are not a platform.
Do you think Sonatype Platform delivers good value for the price?
Yes
Are you happy with Sonatype Platform's feature set?
Yes
Did Sonatype Platform live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of Sonatype Platform go as expected?
I wasn't involved with the implementation phase
Would you buy Sonatype Platform again?
Yes
Using Sonatype Platform
200 - Sonatype platform is used by the various teams which includes security compliance, software governance teams and developers The nexus repository is the since source of truth for all artifacts. LCM helps with the automation of open sources selection. Security teams use various features of platform to perform vulnerability scanning of various containers and artifacts.
8 - The skills of the team varies. The profile includes Network Engineers who are responsible for managing firewalls and access. System Admins are responsible for maintaining the user access, repos and troubleshooting admin problems Devops is involved in creating various scripts to create repos and creating custom cleanup policies using groovy.
- Vulnerability scanning
- Opensource governance
- Artifact repository
- Allowing policy compliant packages
- Performing software composition analysis
- Container image scanning
- Operational Risk Analysis (info on outdated software)
- Create tickets from software vulnerability automatically
- Use auditor function