Sonatype Platform (Nexus Lifecycle) - Proactive SCA & SBOM Management Tool
December 04, 2023

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Modules Used

  • Nexus Lifecycle

Overall Satisfaction with Sonatype Platform

We use Sonatype Platform Nexus Lifecycle to manage and remediate source code vulnerabilities, and we also use it for real-time monitoring of components throughout the SDLC, alerting teams about security vulnerabilities and other policy violations. Also, we use it to enforce software license compliance by identifying components with specific licensing terms and managing issues related to them.

Pros

  • Security scanning and vulnerability management
  • Policy enforcement on component usage
  • Real-time monitoring of components throughout the SDLC
  • Provides reporting on vulnerability assessments
  • Sonatype Platform support is quite responsive

Cons

  • Limited features in IDE plugins
  • Provide an alternate component where no fixed version for a vulnerability exists
  • Reporting can be improved
  • Some functionalities are not in the UI and not accessible via API

  • Vulnerability management
  • Enforce policies based on security, license, and quality criteria
  • Software Bill of Materials
  • Continuous monitoring and reporting

Return on Investment

  • Enabled us to detect vulnerabilities at an early stage of development
  • Remediation of vulnerabilities has become easier due to low false positives
  • Enabled us to be more proactive in security monitoring
Sonatype Platform is a complete tool for Software Composition Analysis. It allows policy enforcement across the full SDLC, which helps organizations identify and manage open-source components and dependencies, along with policies for licenses, and it also has an additional firewall feature. But in addition to open-source security, Snyk has features specifically designed for container security, helping organizations identify vulnerabilities in containerized applications.

Do you think Sonatype Platform delivers good value for the price?

Yes

Are you happy with Sonatype Platform's feature set?

Yes

Did Sonatype Platform live up to sales and marketing promises?

Yes

Did implementation of Sonatype Platform go as expected?

Yes

Would you buy Sonatype Platform again?

Yes

One of the best SCA tools available in the market. Well suited for scenarios where open-source binaries are used. It also allows users to minimize security vulnerabilities, permitting organizations to enhance their development workflow. Sonatype Platform Lifecycle also gives the user complete control over their software supply chain, allowing them to manage the SDLC.