Enables Development Teams to make informed decisions
Updated January 06, 2025

Enables Development Teams to make informed decisions

Sebastian Schmidt | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Modules Used

  • Nexus Lifecycle
  • Nexus Firewall
  • Nexus Lifecyle Add-On - Advanced Legal Pack

Overall Satisfaction with Sonatype Platform

We use the Sonatype Platform in the Software-Development-Process to make sure we a) are better informed on what goes live and what not and b) research what problems can be fixed how and when. Theese 2 tools help to make sure we also can add Quality-Gates to our CI/CD pipelines.

Pros

  • Inform about vulnerabilities and how to fix them
  • Make sure we load safe packages via a secure proxy
  • Create an inventory of apps with SBOMs to understand our products and the risks better
  • Host our own private packages
  • Integrations in IDE and Browsers
  • Awesome support
  • Fresh information every month at the "Office Hours"

Cons

  • Not all of the programming languages on the Top20 of TIOBE Index are covered - PHP is third party and breaks Upgrade-Paths to an external database currently
  • JetBrains IDE support is "only on Java", but shows for "all products" as enabled, which it isnt, this creates confusion on a daily/weekly basis
  • New feature Sonatype Developer is hidden behind "Tile Designs", you have to constantly switch between setups/environments/apps??? You always have to look for how to get back to the other apps. Very confusing on the developer side. Devs commonly want to use tools that are easy and help the workflow, not complicate it by beeing sort of hidden
  • Nexus Repos Log viewer is missing a "Date" selector, viewing the "last 25/50/100kb" in an active environment isnt that helpful
  • Nexus IQ is missing a system where i can setup footer-links for Legal-Purposes and also a tool that shows me my users, like Nexus Repo has built in
  • Helps to be pro-active and informed
  • Helps to get started fast and reduces CVEs, IF the language support is there
  • Helps to get an overview of SBOMs, on what you have in development to production environments
Sonatype Platform is overall usefull

Do you think Sonatype Platform delivers good value for the price?

Yes

Are you happy with Sonatype Platform's feature set?

Yes

Did Sonatype Platform live up to sales and marketing promises?

No

Did implementation of Sonatype Platform go as expected?

Yes

Would you buy Sonatype Platform again?

Yes

- Guidance on remediation is very good
- Vulnerability detection is very good
- Support is very good
- Ability to ask PMs/POs open questions at Office Hours every month is very good

- Support for languages is lacking (TIOBE Index Top20)
- Some features are un-neededly hidden and make the usage more complex then it needs to be

Comments

More Reviews of Sonatype Platform

  1. Home
  2. Software Composition Analysis (SCA) Tools
  3. Sonatype Platform Reviews
  4. User Review of Sonatype Platform