SonaType Nexus: Best platform for managing artifacts
Updated March 20, 2024

SonaType Nexus: Best platform for managing artifacts

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Modules Used

  • Nexus Repository
  • Nexus Container
  • Sonatype Lift

Overall Satisfaction with Sonatype Platform

In our organization we use Sonatype's Nexus Platform to manage repositories, artifacts like docker images and libraries and to distribute/share artifacts amongst different teams. Integrates well with gitlab/github repositories making it a good choice as repository manager. It has web browser to browse different artifacts and manage the artifacts (deprecate the ones not required)
Some teams use Nexus Lifecycle to identify vulnerabilities in build components and has been great help!
  • Store and share artifacts likes java libraries and docker images
  • Find vulnerabilities and malicious code in the builds using LifeCycle
  • Integrates quite well with Gitlab ci/cd and provides
  • Managing/browsing different artifacts in the repo
  • UI can be improved. The error messages can be made clearer.
  • Repository mirroring between Nexus and Artifactory breaks from time to time
  • We have run into issues with Nexus and various plug-ins specifically maven from time to time.
  • Management of artifact's using Sonatype Repository manager
  • Checking for Vulnerabilities using Sonatype's LifeCycle
  • Sharing of artifacts using Nexus Repository
  • Integration with Gitlab for CI/CD operations
  • Sonatype Nexus has a positive ROI my organization. It has saved cost of hardware and network bandwidth by acting as repository manager
  • It has eliminated vulnerability threats by checking the components for security risk and vulnerabilities
  • It has allowed the management of the artifacts thus saving on the disk space on servers
Sonatype nexus platform is an excellent choice in comparison to the other products. As a platform it is a combination of various modules plus it comes with the support. So its a great choice for organizations which are not looking for open source. Nexus comes with LifeCycle and IQ servers. Lifecycle performs the vulnerability assessment on the builds/artifacts thus making sure the systems are not compromised.
Other products are good choice if one is looking for open-source as repository manager. They are not a platform.

Do you think Sonatype Platform delivers good value for the price?


Are you happy with Sonatype Platform's feature set?


Did Sonatype Platform live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Sonatype Platform go as expected?

I wasn't involved with the implementation phase

Would you buy Sonatype Platform again?


We use two modules of Sonatype Nexus platform, Nexus LifeCycle and Nexus Repository.
  • Nexus Repository: Nexus Repository is a good choice for being a repository manager. IAs such it does a good job of mirroring external repositories like artifactory etc. It saves network bandwidth/hard ware costs by allowing the teams to share artifacts with each other. Repository UI allows managing different artifacts. For bulk operations, CLI provides a value add. Support is available and helpful. Its a great choice is one is looking for repository manager which comes with support.
  • Nexus LifeCycle : Provides checking the vulnerabilities in the builds. It is probably the best thing which Nexus offers. It comes with its REST api. Artifacts can be checked before getting deployed.

Using Sonatype Platform

200 - Sonatype platform is used by the various teams which includes security compliance, software governance teams and developers The nexus repository is the since source of truth for all artifacts. LCM helps with the automation of open sources selection. Security teams use various features of platform to perform vulnerability scanning of various containers and artifacts.
8 - The skills of the team varies. The profile includes Network Engineers who are responsible for managing firewalls and access. System Admins are responsible for maintaining the user access, repos and troubleshooting admin problems Devops is involved in creating various scripts to create repos and creating custom cleanup policies using groovy.
  • Vulnerability scanning
  • Opensource governance
  • Artifact repository
  • Allowing policy compliant packages
  • Performing software composition analysis
  • Container image scanning
  • Operational Risk Analysis (info on outdated software)
  • Create tickets from software vulnerability automatically
  • Use auditor function
Sonatype supports more than 200 dev(s). It proves with the repository to store the artifacts. Allows for governance of open source software used by the different teams. It is used by security teams to scan for vulnerabilities in software(s) and in the deployed containers. It helps ensure code quality.