Sonatype Nexus Lifecycle
Updated February 07, 2025

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Modules Used

  • Nexus Lifecycle

Overall Satisfaction with Sonatype Platform

With Sonatype Nexus Lifecycle, we are able to identify issues with the 3rd party controls/components in our software very early in the development stage. Sonatype Lifecycle works very well within our DevOps practice; it helps us to implement continuous monitoring on 3rd party controls/components. It provides detailed reporting that helps us to understand the vulnerabilities associated with the components and their dependencies.

Pros

  • Scan Speed/time
  • Detailed reports
  • Their own analysis

Cons

  • Provision to see the historical reporting/analysis with 3rd party components.
  • Early identifying & fixing the issues in the SDLC

The overall experience with the platform is great; however, I see some opportunity for upgrading the platform, as it is missing data on historical scans that would allow a reviewer to get a view of the trend in how the application/product development team is considering fixing the issues.

Well, both have their own pros and cons. As a user of Sonatype Nexus Lifecycle, I have found the overall experience highly satisfactory.

Do you think Sonatype Platform delivers good value for the price?

Yes

Are you happy with Sonatype Platform's feature set?

Yes

Did Sonatype Platform live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Sonatype Platform go as expected?

I wasn't involved with the implementation phase

Would you buy Sonatype Platform again?

Yes

Using an SCA tool in the development stage helps development teams to identify issues with the open-source software/3rd party components early in the development stage. That overall helps the organization to fix the issues at a lower cost compared to making a plan to fix them after the product is fully developed. For all new development, we prefer to use an SCA platform like Sonatype from the beginning.

Using Sonatype Platform

100 - Software Development
2 - Security Engineer or DevSecOps
  • Early detection of vulnerable 3rd party or open-source components
  • Shift-left
  • Improve software quality and reduce attack surface
  • Sonatype scans need to be part of policies that have to scan during any PR

Evaluating Sonatype Platform and Competitors

  • Cloud Solutions
  • Scalability
  • Integration with Other Systems
  • Ease of Use
I'll consider reviewing the reporting capabilities along with the analysis capabilities.

Sonatype Platform Implementation

Easy to implement and to perform the scans via automations as well.
Yes - Recently we performed migration from On-prem to SaaS and it was conducted in various phases.

Sonatype Platform Training

Yes, it is not so complex that it requires any training modules.

Configuring Sonatype Platform

Users should be able to configure the Sonatype platform easily using its documentation.
Just follow the documentation; that should be enough.
No - we have not done any customization to the interface
No - we have not done any custom code

Sonatype Platform Support

The support team is very proactive and functions very well.

Pros

  • Quick Resolution
  • Good followup
  • Knowledgeable team
  • Kept well informed
  • No escalation required
  • Immediate help available
  • Support understands my problem
  • Support cares about my success
  • Quick Initial Response

Cons

  • None

I'm not sure about this.
The Sonatype support team is very proactive and acts in a timely manner.

Using Sonatype Platform

Pros

  • Like to use
  • Relatively simple
  • Easy to use
  • Technical support not required
  • Well integrated
  • Consistent
  • Quick to learn
  • Convenient
  • Feel confident using
  • Familiar

Cons

  • None

  • Performing Scans
  • Application Configuration
  • View Reports
  • Historical results
  • In very few scenarios, recommendations
