Try our new research platform with insights from 80,000+ expert users

Qualys Web Application Scanning vs Sonatype Lifecycle comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Mar 30, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
5.5
Qualys Web Application Scanning improved visibility, reduced costs and failure rates, and increased ROI with automation, despite licensing challenges.
Sentiment score
7.0
Sonatype Lifecycle enhances visibility, security, and productivity, reducing vulnerability analysis time and lowering risks in application development.
We have seen cost savings and efficiency improvements as we now know what happens in what was previously a black box.
 

Customer Service

Sentiment score
5.0
Qualys Web Application Scanning support is mostly praised for responsiveness, with minor concerns about higher-tier access and engagement.
Sentiment score
5.7
Sonatype Lifecycle's customer service is praised for responsiveness and effectiveness, despite occasional delays with product enhancement requests.
Once we purchase the license, we have access to top-notch support.
I have dealt with Qualys's technical support, and any enhancements are challenging.
They are helpful when we raise any tickets.
 

Scalability Issues

Sentiment score
7.7
Qualys Web Application Scanning is scalable, handling multiple licenses and users, though some issues arise with concurrent scans.
Sentiment score
6.9
Sonatype Lifecycle is praised for infrastructure scalability and flexibility, but users report challenges with clustering and configuration complexities.
It is licensed for assets, so we just contact the team for additional licenses if needed.
At one point, there was a limitation on reporting for 100,000 assets at a time.
JFrog is easier to configure for high availability as it does not require extra components.
 

Stability Issues

Sentiment score
8.5
Qualys Web Application Scanning is praised for stability and reliability, with users rating it highly and few issues reported.
Sentiment score
8.0
Sonatype Lifecycle is reliable and efficient, with minimal downtime and ease of use, even for large implementations.
Sonatype Lifecycle is very stable, especially in the binary repository management use case for managing binary artifacts.
 

Room For Improvement

Qualys Web Application Scanning users seek improved XSS detection, simpler interface, better pricing, and enhanced integration features.
Sonatype Lifecycle should improve integration, reporting, support, user interface, and adapt to modern practices for better user experience.
With the growing reliance on AI, Qualys Web Application Scanning should be updated to handle AI-based applications and LLM-based attacks.
One area of improvement is reducing false positives by prioritizing agent findings over remote findings when there is a corresponding local agent finding.
I would like it to be cheaper because it is a bit expensive compared to competitors like Tenable Nessus.
We also noticed a lack of detailed information for configuring Sonatype Lifecycle for high availability and data recovery.
 

Setup Cost

Qualys Web Application Scanning offers competitive pricing and flexible licensing, though some users seek improved cost-effectiveness.
Sonatype Lifecycle offers competitive pricing with valuable features, though costs may impact startups due to licensing complexity.
They offer discounts on bulk licenses, making it cheaper compared to competitors like Veracode DAST.
I find it a bit expensive compared to other competitors.
For larger numbers like our case with 1,000 user licenses, JFrog becomes much more cost-effective, roughly ten times cheaper than Sonatype.
 

Valuable Features

Qualys Web Application Scanning offers Selenium integration, effective threat detection, and seamless CI/CD integration with a user-friendly interface.
Sonatype Lifecycle enhances security with seamless DevOps integration, user-friendly interface, real-time updates, and efficient dependency management.
It effectively detects vulnerabilities like the OWASP Top 10 without any issues in reporting.
It is recognized as one of the best tools for web application security from a development perspective.
The product helps by providing options for remediating vulnerabilities it finds, making it really useful.
The integration into our CICD pipeline enables us to continuously monitor code changes and identify new vulnerabilities.
The most valuable feature for us is Sonatype Lifecycle's capability in identifying vulnerabilities.
 

Categories and Ranking

Qualys Web Application Scan...
Ranking in Application Security Tools
13th
Average Rating
7.8
Reviews Sentiment
6.9
Number of Reviews
38
Ranking in other categories
Static Application Security Testing (SAST) (9th)
Sonatype Lifecycle
Ranking in Application Security Tools
6th
Average Rating
8.4
Reviews Sentiment
7.0
Number of Reviews
45
Ranking in other categories
Software Composition Analysis (SCA) (4th), Software Supply Chain Security (3rd)
 

Mindshare comparison

As of July 2025, in the Application Security Tools category, the mindshare of Qualys Web Application Scanning is 2.1%, up from 2.0% compared to the previous year. The mindshare of Sonatype Lifecycle is 2.6%, down from 3.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

Kelvin Oladipo - PeerSpot reviewer
User-friendly scanning provides valuable vulnerability insights, but pricing improvements are needed
Qualys Web Application Scanning ( /products/qualys-web-application-scanning-reviews ) is user-friendly, easy to understand, easy to use, and easy to deploy. Credential scanning is very effective because it goes in-depth into the system, crawling the pages, and reporting on vulnerabilities. The product helps by providing options for remediating vulnerabilities it finds, making it really useful.
SrinathKuppannan2 - PeerSpot reviewer
Easily identifies problematic versions and ensures adherence to regulatory standards like HIPAA, critical for industries dealing with sensitive information
While Sonatype Lifecycle effectively manages artifacts in Nexus Repository and performs code firewall checks based on rules, it has the potential to expand further. I am looking forward to additional features similar to SonarQube, especially since licenses are often split per component. SonarType could integrate cloud-based capabilities, addressing the increasing shift towards cloud workloads. While there have been demos and discussions around this, significant progress on scanning and analyzing cloud images remains to be seen. I am looking forward to Sonatype incorporating these enhancements, particularly in regard to cloud-based features. On-prem workloads are getting to the cloud workloads. * I would like to see more cloud-related insights, such as logging capabilities for the images we use and image scanning information. * Additionally, it would be beneficial to have insights into the stages of dependencies and ensure they comply with standards. If there are any violations in respect to CVSS reports, * Integrating CVSS (Common Vulnerability Scoring System) report rules into the Lifecycle module to detect and report violations would be valuable. I am hoping to see these enhancements from Sonatype in the future. On the security side, I think there's a lot of development needed. There are many security tools on the market, like open-source ones, that Sonatype doesn't integrate with.
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
860,632 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
14%
Manufacturing Company
10%
Government
7%
Financial Services Firm
33%
Computer Software Company
12%
Manufacturing Company
9%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Qualys Web Application Scanning?
The vulnerability management feature is a strong one. And also the patch management feature.
What needs improvement with Qualys Web Application Scanning?
I would like it to be cheaper because it is a bit expensive compared to competitors like Tenable Nessus ( /products/tenable-nessus-reviews ). After using the product for a year, I might have more s...
How does Sonatype Nexus Lifecycle compare with SonarQube?
We like the data that Sonatype Nexus Lifecycle consistently delivers. This solution helps us in fixing and understanding the issues a lot quicker. The policy engine allows you to set up different t...
What do you like most about Sonatype Nexus Lifecycle?
Fortify integrates with various development environments and tools, such as IDEs (Integrated Development Environments) and CI/CD pipelines.
What is your experience regarding pricing and costs for Sonatype Nexus Lifecycle?
According to my calculations, if you are working with up to 200 developers, Sonatype is cheaper than JFrog. However, for larger numbers like our case with 1,000 user licenses, JFrog becomes much mo...
 

Also Known As

Qualys WAS
Sonatype Nexus Lifecycle, Nexus Lifecycle
 

Overview

 

Sample Customers

BskyB, Cartagena, ClearPoint Learning Systems, Connect Group, du, Fortrex Technologies, HBOR, HDI, Highlights for Children, The Lithuanian State Enterprise Centre of Registers, City of Miami Beach, Microsoft, MidlandHR, MSCI Inc., Northern Arizona University, Ofgem, Olympus Europa, PhoneFactor, RTL Nederland, ThousandEyes, VGZ Organisatie B.V.
Genome.One, Blackboard, Crediterform, Crosskey, Intuit, Progress Software, Qualys, Liberty Mutual Insurance
Find out what your peers are saying about Qualys Web Application Scanning vs. Sonatype Lifecycle and other solutions. Updated: June 2025.
860,632 professionals have used our research since 2012.