Sonatype Platform used at Enterprise scale make developers life easy
August 23, 2023

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Modules Used

  • Nexus Repository Pro
  • Nexus Firewall
  • Nexus Lifecycle

Overall Satisfaction with Sonatype Platform

With over 3,000 business applications, 100 million lines of code, 500 development teams and roughly 1,500 builds per day, standardization, governance and control are key aspects we address with the Sonatype Platform.

Nexus Repository is used as the golden source for artifact management and acts as the crown jewel of the software development factory. All builds and off-the-shelf packages are pulled from Nexus prior to deployments downstream.

Any dependency that is consumed is first checked using Sonatype Firewall and subsequently scanned using Sonatype Lifecycle in the pipelines. Custom and default policies work together in securing our organization against attack vectors like malware, malicious components, security vulnerabilities, license violations and end of life dependencies.

Authorization to application information is centrally governed, as is access management. Many integrations between pipelines running on Azure or on premise are centrally governed. Security reviews by expert teams are arranged through the integration between Nexus Lifecycle and ServiceNow.

Risk Acceptance and other policy deviations are centrally managed and are used as vital information to assess the overall security posture of our organization.

Support for new technologies and assistance with the remediation of new vulnerabilities found in components are received from Sonatype at a decent frequency.

  • Advice on remediation of vulnerabilities in open source components
  • Support for the top 20 most commonly used software development languages/frameworks/packages
  • Protection against threats from an early stage in the threat lifecycle
  • Support on the end-of-life lifecycle of known open source components that are going end of life, or have already gone end of life
  • Support for emerging infrastructure-as-code frameworks
  • Support for native/default retention, archiving and clean-up policies for hosted repositories
  • Scalability
  • Central governance and maintenance
  • Ease of integration in the SDLC
  • Insight into application security at enterprise scale
  • Possibility to prevent bad code from being deployed
  • Easy workflow for developers

JFrog is a very strong competitor for the Sonatype Platform and in some areas beats Sonatype's configuration, for example on the default options for retention, cleanup and backups. However, the Sonatype Platform has easy integration at enterprise scale, is transparent on its roadmap, has good support and good account management. This makes Sonatype and JFrog comparable.

Do you think Sonatype Platform delivers good value for the price?

Yes

Are you happy with Sonatype Platform's feature set?

Yes

Did Sonatype Platform live up to sales and marketing promises?

Yes

Did implementation of Sonatype Platform go as expected?

Yes

Would you buy Sonatype Platform again?

Yes

For a medium to large size organization with the possibility to set up a central support team to support the governance, maintenance and implementation of the Sonatype Platform, the product suite from Sonatype is very well suited. Setting up detailed configurations requires quite some effort and a deep understanding of the Sonatype Platform. Whenever needed, the support teams from Sonatype are available for technical and functional support. In addition, Sonatype's Innovate platform offers customers the possibility to interact on specific topics and set up customer reference calls.