Deliver Agile AppSec with Sonatype Platform NexusIQ!
November 07, 2023
Score 6 out of 10
Vetted Review
Verified User
Modules Used
- Nexus Lifecycle
Overall Satisfaction with Sonatype Platform
Sonatype Platform's Nexus Lifecycle is used in my company in the DevSecOps Department. We were looking for an SCA tool that was truly developer-oriented. We'd like security tools to be transparent for the application team, to motivate them to use them across every SDLC stage - Sonatype Platform is really good for that. It allows us to scale relatively quickly and increase the 3rd party dependencies security posture monitoring across the whole company.
- SBOM continuous monitoring
- Easy SCM integration
- Tool onboarding
- Tool capabilities for dotnet technology
- More detailed remediation steps
- Better pre-commit feedback for developers
- More out-of-the-box features
- Give us visibility on the security posture of 3rd party dependencies used
- Enable continuous monitoring to react to zero-day vulnerabilities quicker
- Dashboards and reporting capabilities are easy to understand for management
- Fewer vulnerabilities in our products
- SCA implementation in SSDLC
- Dotnet configuration is more challenging compared to other technologies
- Black Duck Software Composition Analysis (SCA)
Sonatype Platform's Nexus Lifecycle performs pretty great when it comes to security vulnerabilities. It uses multiple vulnerability databases and provides really detailed reports. The tool is easy to use for end users on different levels: within the IDE, in the CI pipeline and at the maintenance level.
BlackDuck is a tool that is better from the licence management perspective; however, it is harder to use and configure. I really like the way BD calculates the risk; however, this feature is also available in Sonatype Platform NexusIQ now.
Do you think Sonatype Platform delivers good value for the price?
Yes
Are you happy with Sonatype Platform's feature set?
Yes
Did Sonatype Platform live up to sales and marketing promises?
Yes
Did implementation of Sonatype Platform go as expected?
Yes
Would you buy Sonatype Platform again?
Yes