Nobody knows Open Source like Sonatype
July 21, 2023
Score 8 out of 10
Vetted Review
Verified User
Modules Used
- Nexus Repository Pro
- Nexus Firewall
- Nexus Lifecycle
Overall Satisfaction with Sonatype Platform
Our company uses the Sonatype Platform to repose our developed artifacts, proxy to external open source repositories, and centrally manage the company's artifacts. We also use the Sonatype Platform to manage the SDLC related to license and security vulnerabilities via policy. We use the policies to prevent unwanted libraries from being brought into the environment, as well as to inform developers of remediations that need to be made. We support more than 5000 developers who are distributed across the globe. The Sonatype Platform is an essential part of how we manage open source libraries, which is a core part of our software development. We are a financial services company, and therefore we own data that is considered a high-value target for bad actors. The Sonatype Platform is integrated throughout the development lifecycle.
- Block unwanted open source libraries from entering our environment
- Provides an appropriate level of information to help our developers identify and remediate vulnerabilities.
- Cost effective enterprise management of open source libraries.
- Provides enterprise level reporting on our vulnerability footprint.
- Sonatype Platform architecture is antiquated and needs to be updated on modern technologies.
- Sonatype Platform UI is lacking in several basic usability features.
- There needs to be better features and support for their IDE plugins.
- Blocking vulnerable components from entering our environment
- Being able to leverage Sonatype's deep knowledge of Open Source Software
- Enterprise level artifact management.
- Sonatype's centralized management of artifacts has made it very easy for developers to share code in an efficient manner.
- Sonatype's low false positive rate has made it easier to convince developers to remediate vulnerabilities.
- Sonatype's archaic architecture has made it more expensive to manage than it could be.
JFrog's architecture is significantly ahead of Sonatype's implementation. It would be a lot easier to globally manage a JFrog solution than a Sonatype solution. JFrog's UI is more user-friendly and has more features. JFrog, however, is significantly behind Sonatype in the quality of the license and security vulnerability data. Also, based on the pricing models for the two companies, JFrog's cost was significantly higher than Sonatype's.
Do you think Sonatype Platform delivers good value for the price?
Yes
Are you happy with Sonatype Platform's feature set?
Yes
Did Sonatype Platform live up to sales and marketing promises?
Yes
Did implementation of Sonatype Platform go as expected?
Yes
Would you buy Sonatype Platform again?
Yes