We performed a comparison between Sonatype Lifecycle and Spirent CyberFlood based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable features of the Sonatype Nexus Lifecycle are the evaluation of the unit test coverage, vulnerability scanning, duplicate code lines, code smells, and unnecessary loops."
"I like Fortify Software Security Center or Fortify SSC. This tool is installed on each developer's machine, but Fortify Software Security Center combines everything. We can meet there as security professionals and developers. The developers scan their code and publish the results there. We can then look at them from a security perspective and see whether they fixed the issues. We can agree on whether something is a false positive and make decisions."
"The integration of Lifecycle is really good with Jenkins and GitHub; those work very well. We've been able to get it to work seamlessly with them so that it runs on every build that we have."
"We really like the Nexus Firewall. There are increasing threats from npm, rogue components, and we've been able to leverage protection there. We also really like being able to know which of our apps has known vulnerabilities."
"The integrations into developer tooling are quite nice. I have the integration for Eclipse and for Visual Studio. Colleagues are using the Javascript IDE from JetBrains called WebStorm and there is an integration for that from Nexus Lifecycle. I have not heard about anything that is not working. It's also quite easy to integrate it. You just need to set up a project or an app and then you just make the connection in all the tools you're using."
"The most valuable feature is that I get a quick overview of the libraries that are included in the application, and the issues that are connected with them. I can quickly understand which problems there are from a security point of view or from a licensing point of view. It's quick and very exact."
"The Software Security Center, which is often overlooked, stands out as the most effective feature."
"The REST API is the most useful for us because it allows us to drive it remotely and, ideally, to automate it."
"Our customers use it to check for unauthorized file transfer."
"CyberFlood's best features are its user-friendliness and scheduling function."
"CyberFlood is flexible."
"The feature I find most valuable is the traffic generator."
"They're working on the high-quality data with Conan. For Conan applications, when it was first deployed to Nexus IQ, it would scan one file type for dependencies. We don't use that method in Conan, we use another file type, which is an acceptable method in Conan, and they didn't have support for that other file type. I think they didn't even know about it because they aren't super familiar with Conan yet. I informed them that there's this other file type that they could scan for dependencies, and that's what they added functionality for."
"Sonatype Nexus Lifecycle can improve by having a feature to automatically detect vulnerabilities. Additionally, if it could automatically push the dependencies or create notifications it would be beneficial."
"Not all languages are supported in Fortify."
"The generation of false positives should be reduced."
"It could be because I need to learn more about Sonatype Nexus Lifecycle, but as a leader, if I want to analyze the vulnerability situation and how it is and the forecast, I'd like to look at the reports and understand what the results mean. It's been challenging for me to understand the reports and dashboards on Sonatype Nexus Lifecycle, so I'll need to take a course or watch some YouTube tutorials about the product. If Sonatype Nexus Lifecycle has documentation that could help me properly analyze the vulnerability situation and what the graphs mean, then that would be helpful. I need help understanding what each graph is showing, and it seems my company is the worst, based on the chart. Still, I need clarification, so if there were some documentation, a more extensive knowledge base, or a question mark icon you could hover over that would explain what each data on the graph means, that would make Sonatype Nexus Lifecycle better."
"We use Azure DevOps as our application lifecycle management tool. It doesn't integrate with that as well as it does with other tools at the moment, but I think there's work being done to address that. In terms of IDEs, it integrates well. We would like to integrate it into our Azure cloud deployment but the integration with Azure Active Directory isn't quite as slick as we would like it to be. We have to do some workarounds for that at the moment."
"The biggest thing is getting it put uniformly across all the different teams. It's more of a process issue. The process needs to be thought out about how it's going to be used, what kind of training there will be, how it's going to be socialized, and how it's going to be rolled out and controlled, enterprise-wide. That's probably more of a challenge than the technology itself."
"The reporting could be better."
"Sometimes, when you configure parameters the hardware can't run, it will get stuck at those points without telling you what happened. It would be helpful if the error reporting provided more details about why the test setting is not running. It would be nice if there were a space in the hardware module for you to add some external hardware for more rigorous testing."
"I would also like to see updates on a more frequent schedule."
"CyberFlood's accessibility and support for multiple browsers could be better."
"The solution needs more ports, more speed, and more gigabytes."
Sonatype Lifecycle is ranked 6th in Application Security Tools with 42 reviews while Spirent CyberFlood is ranked 33rd in Application Security Tools with 4 reviews. Sonatype Lifecycle is rated 8.4, while Spirent CyberFlood is rated 8.4. The top reviewer of Sonatype Lifecycle writes "Seamless to integrate and identify vulnerabilities and frees up staff time". On the other hand, the top reviewer of Spirent CyberFlood writes "I like the solution's flexibility". Sonatype Lifecycle is most compared with SonarQube, Black Duck, Fortify Static Code Analyzer, GitLab and Checkmarx One, whereas Spirent CyberFlood is most compared with Ixia BreakingPoint and Ixia BreakingPoint VE. See our Sonatype Lifecycle vs. Spirent CyberFlood report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.