We performed a comparison between Acunetix and Sonatype Lifecycle based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Picks up weaknesses in our app setups."
"One of the features that I feel is groundbreaking, that I would like to see expanded on, is the IAS feature: The Interactive Application Security Testing module that gets loaded onto an application on a server, for more in-depth, granular findings. I think that is really neat. I haven't seen a lot of competitors doing that."
"Our developers can run the attacks directly from their environments, desktops."
"Acunetix is the best service in the world. It is easy to manage. It gives a lot of information to the users to see and identify problems in their site or applications. It works very well."
"For us, the most valuable aspect of the solution is the log-sequence feature."
"I haven't seen reporting of that level in any other tool."
"The scalability is good. The scalability is more than good because it can operate both as a standalone and it can be integrated as part of applications. So that really makes it a very, very versatile solution to have."
"The automated approach to these repetitive discovery attempts would take days to do manually and therefore it helps reduce the time needed to do an assessment."
"It's helped us free up staff time."
"The most valuable feature is that I get a quick overview of the libraries that are included in the application, and the issues that are connected with them. I can quickly understand which problems there are from a security point of view or from a licensing point of view. It's quick and very exact."
"The integrations into developer tooling are quite nice. I have the integration for Eclipse and for Visual Studio. Colleagues are using the Javascript IDE from JetBrains called WebStorm and there is an integration for that from Nexus Lifecycle. I have not heard about anything that is not working. It's also quite easy to integrate it. You just need to set up a project or an app and then you just make the connection in all the tools you're using."
"Some of the more profound features include the REST APIs. We tend to make use of those a lot. They also have a plugin for our CI/CD; we use Jenkins to do continuous integration, and it makes our pipeline build a lot more streamlined. It integrates with Jenkins very well."
"Sonatype support is quite responsive. When we needed something, we could reach out and set up a meeting. They provide the best support possible."
"The value I get from IQ Server is that I get information on real business risks. Is something compliant, are we using the proper license?"
"The application onboarding and policy grandfathering features are good and the solution integrates well with our existing DevOps tools."
"The most important features of the Sonatype Nexus Lifecycle are the vulnerability reports."
"I had some issues with the JSON parameters where it found some strange vulnerabilities, but it didn't alert the person using it or me about these vulnerabilities, e.g., an error for SQL injection."
"Currently only supports web scanning."
"When monitoring the traffic we always have issues with the bandwidth consumption and the throttling of traffic."
"There is room for improvement in website authentication because I've seen other products that can do it much better."
"Acunetix needs to improve its cost."
"It should be easier to recreate something manually, with the manual tool, because Acunetix is an automatic tool. If it finds something, it should be easier to manually replicate it. Sometimes you don't get the raw data from the input and output, so that could be improved."
"The only problem that they have is the price. It is a bit expensive, and you cannot change the number of applications for the whole year."
"The vulnerability identification speed should be improved."
"Fortify Static Code Analyzer has a bit of a learning curve, and I don't find it particularly helpful in narrowing down the vulnerabilities we should prioritize."
"If they had a more comprehensive online tutorial base, both for admin and developers, that would help. It would be good if they actually ran through some scenarios, regarding what happens if I do pick up a vulnerability. How do I fork out into the various decisions? If the vulnerability is not of a severe nature, can I just go ahead with it until it becomes severe? This is important because, obviously, business demands certain deliverables to be ready at a certain time."
"Nexus Lifecycle is multiple products. One drawback I've noticed is that there are some differences in the features between the products within Lifecycle. They need to maintain the same structure, but there are some slight differences."
"Sonatype Nexus Lifecycle can improve by having a feature to automatically detect vulnerabilities. Additionally, if it could automatically push the dependencies or create notifications it would be beneficial."
"The reporting could be better."
"It's the right kind of tool and going in the right direction, but it really needs to be more code-driven and oriented to be scaled at the developer level."
"They could do with making more plugins for the more common integration engines out there. Right now, it supports automation engine by Jenkins but it doesn't fully support something like TeamCity."
"The reporting capability is good but I wish it was better. I sent the request to support and they raised it as an enhancement within the system. An example is filtering by version. If I have a framework that is used in all applications, but version 1 is used in 50 percent of them and version 2 in 25 percent, they will show as different libraries with different usage. But in reality, they're all using one framework."
Acunetix is ranked 16th in Application Security Tools with 26 reviews while Sonatype Lifecycle is ranked 6th in Application Security Tools with 42 reviews. Acunetix is rated 7.6, while Sonatype Lifecycle is rated 8.4. The top reviewer of Acunetix writes "Fantastic reporting features hindered by slow scanning ". On the other hand, the top reviewer of Sonatype Lifecycle writes "Seamless to integrate and identify vulnerabilities and frees up staff time". Acunetix is most compared with OWASP Zap, Tenable.io Web Application Scanning, PortSwigger Burp Suite Professional, HCL AppScan and Fortify WebInspect, whereas Sonatype Lifecycle is most compared with SonarQube, Black Duck, Fortify Static Code Analyzer, GitLab and Checkmarx One. See our Acunetix vs. Sonatype Lifecycle report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.