Sonatype Platform (Nexus Lifecycle) - Proactive SCA & SBOM Management Tool
December 04, 2023
Score 8 out of 10
Vetted Review
Verified User
Modules Used
- Nexus Lifecycle
Overall Satisfaction with Sonatype Platform
We use Sonatype Platform Nexus Lifecycle to manage and remediate source code vulnerabilities, and we also use it for real-time monitoring of components throughout the SDLC, alerting teams about security vulnerabilities and other policy violations. We also use it to enforce software license compliance by identifying components with specific licensing terms and managing the issues related to them.
- Security scanning and vulnerabilities management
- Policy enforcements on components usage
- Real-time monitoring of components throughout the SDLC
- Provides reporting on vulnerability assessments
- Sonatype Platform support is quite responsive
- Limited features in IDE plugins
- Providing an alternate component where no new version fixing a vulnerability exists
- Reporting can be improved
- Some functionalities are not in the UI and are not accessible via API
- Vulnerability Management
- Enforce policies based on security, license, and quality criteria
- Software Bill of Materials
- Continuous monitoring and reporting
- Enabled us to detect vulnerabilities at an early stage of development
- Remediation of vulnerabilities has become easier due to low false positives
- Enabled us to be more proactive on security monitoring
Sonatype Platform is a complete tool for Software Composition Analysis. It allows policy enforcement across the full SDLC, which helps organizations identify and manage open-source components and dependencies, along with policies for licenses, and it also has an additional firewall feature. But in addition to open-source security, Snyk has features specifically designed for container security, helping organizations identify vulnerabilities in containerized applications.
Do you think Sonatype Platform delivers good value for the price?
Yes
Are you happy with Sonatype Platform's feature set?
Yes
Did Sonatype Platform live up to sales and marketing promises?
Yes
Did implementation of Sonatype Platform go as expected?
Yes
Would you buy Sonatype Platform again?
Yes