Lives up to the hype
December 05, 2023

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Modules Used

  • Nexus Repository Pro
  • Nexus Firewall
  • Nexus Lifecycle

Overall Satisfaction with Sonatype Platform

We have been utilizing Repository Manager and Lifecycle for approximately five years now. The entire software development team interacts with the Sonatype Platform on a daily basis. Repository Manager is used as a proxy to external repositories and to store internally developed artifacts and Docker images. Since all packages that developers retrieve flow through Repository Manager, we are able to enforce our open source best practices, allowing us to prevent unauthorized packages from being implemented into projects. Repository Manager and Lifecycle are both integrated into our CI/CD pipeline. While Repository Manager is used to pull and deploy packages, Lifecycle is searching for vulnerabilities. With each build, we are receiving a report for all of the components. Based on the valuable data Sonatype provides us, we are able to make decisions on whether to allow the build to continue. This prevents any vulnerable component from being introduced to our environments. Lifecycle also allows us to view newly discovered vulnerabilities within applications that have already been deployed, so they can be resolved as well.

Overall, Sonatype Platform greatly reduces the risk we assume each day.
  • Easy integration and automation with CI/CD pipeline
  • Block unsupported packages
  • Developer friendly vulnerability reports
  • Vulnerability reporting
  • Easily manage custom artifacts
  • Better abilities to share vulnerability reports
  • VS 2022 plugin is here, but it would be nice to use the plugin without having to specify an app within Lifecycle
  • Blocking builds
  • Vulnerability scans
  • Package management
  • Blocking packages
  • Reduces the risk of using open source libraries
  • Allows easy artifact management
  • Easy integration

Do you think Sonatype Platform delivers good value for the price?

Yes

Are you happy with Sonatype Platform's feature set?

Yes

Did Sonatype Platform live up to sales and marketing promises?

Yes

Did implementation of Sonatype Platform go as expected?

Yes

Would you buy Sonatype Platform again?

Yes

The different features Sonatype Platform offers check all the boxes for us, from the artifact management with Repository Manager to the vulnerability data from Lifecycle. Over the years it has proven itself, and I'm glad we went with the product.