Sonatype Nexus Lifecycle Pros

RS
Senior Architect at an insurance company with 1,001-5,000 employees
We really like the Nexus Firewall. There are increasing threats from npm, rogue components, and we've been able to leverage protection there. We also really like being able to know which of our apps has known vulnerabilities.
Shubham Shrivastava - PeerSpot reviewer
Engineering Tools and Platform Manager at BT - British Telecom
Its engine itself is most valuable in terms of the way it calculates and decides whether a security vulnerability exists or not. That's the most important thing. Its security is also pretty good, and its listing about the severities is also good.
Finto Thomas - PeerSpot reviewer
Information Security Program Preparer / Architect at Alef Education
The value I get from IQ Server is that I get information on real business risks. Is something compliant, are we using the proper license?
Buyer's Guide
Sonatype Nexus Lifecycle
November 2022
Learn what your peers think about Sonatype Nexus Lifecycle. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
654,218 professionals have used our research since 2012.
IV
Product Owner Secure Coding at a financial services firm with 10,001+ employees
The quality or the profiles that you can set are most valuable. The remediation of issues that you can do and how the information is offered is also valuable.
Katrin Schenker - PeerSpot reviewer
Software Engineer at a manufacturing company with 10,001+ employees
The integrations into developer tooling are quite nice. I have the integration for Eclipse and for Visual Studio. Colleagues are using the JavaScript IDE from JetBrains called WebStorm and there is an integration for that from Nexus Lifecycle. I have not heard about anything that is not working. It's also quite easy to integrate it. You just need to set up a project or an app and then you just make the connection in all the tools you're using.
LR
Section Chief at a government with 201-500 employees
Due to the sheer amount of vulnerabilities and the fact that my company is still working on eliminating all vulnerabilities, it's still too early for me to say what I like most about Sonatype Nexus Lifecycle. Still, one of the best functions of the product is the guidance it gives in finding which components or applications have vulnerabilities. For example, my team had a vulnerability or a CVE connected to Apache last week. My team couldn't find which applications had the vulnerability initially, but using Sonatype Nexus Lifecycle helped. My team deployed new versions on that same day and successfully eliminated the vulnerabilities, so right now, the best feature of Sonatype Nexus Lifecycle is finding which applications have vulnerabilities.
Chris Coetzee - PeerSpot reviewer
Managing Director at Digalance
Lifecycle lets developers see any vulnerabilities or AGPL license issues associated with code in the early stages of development. The nice thing is that it's built into the IDE so that they can see all versions of a specific code.
HB
Lead Member Of Technical Staff at a tech vendor with 10,001+ employees
Vulnerability detection accuracy is good.
MI
Technical Consultant at a computer software company with 10,001+ employees
The most important features of the Sonatype Nexus Lifecycle are the vulnerability reports.
RN
Technical Manager at a financial services firm with 1,001-5,000 employees
Sonatype support is quite responsive. When we needed something, we could reach out and set up a meeting. They provide the best support possible.

Sonatype Nexus Lifecycle Cons

RS
Senior Architect at an insurance company with 1,001-5,000 employees
Overall it's good, but it would be good for our JavaScript front-end developers to have that IDE integration for their libraries. Right now, they don't, and I'm told by my Sonatype support rep that I need to submit an idea, from which they will submit a feature request. I was told it was already in the pipeline, so that was one strike against sales.
Shubham Shrivastava - PeerSpot reviewer
Engineering Tools and Platform Manager at BT - British Telecom
One area of improvement, about which I have spoken to the Sonatype architect a while ago, is related to the installation. We still have an installation on Linux machines. The installation should move to EKS or Kubernetes so that we can do rollover updates, and we don't have to take the service down. My primary focus is to have at least triple line availability of my tools, which gives me a very small window to update my tools, including IQ. Not having them on Kubernetes means that every time we are performing an upgrade, there is downtime. It impacts the 0.1% allocated downtime that we are allowed to have, which becomes a challenge. So, if there is Kubernetes installation, it would be much easier. That's one thing that definitely needs to be improved.
Finto Thomas - PeerSpot reviewer
Information Security Program Preparer / Architect at Alef Education
Nexus Lifecycle is multiple products. One drawback I've noticed is that there are some differences in the features between the products within Lifecycle. They need to maintain the same structure, but there are some slight differences.
IV
Product Owner Secure Coding at a financial services firm with 10,001+ employees
The user interface needs to be improved. It is slow for us. We use Nexus IQ mostly via APIs. We don't use the interface that much, but when we use it, certain areas are just unresponsive or very slow to load. So, performance-wise, the UI is not fast enough for us, but we don't use it that much anyway.
Katrin Schenker - PeerSpot reviewer
Software Engineer at a manufacturing company with 10,001+ employees
We got a lot of annotations for certain libraries when it comes to Java, but my feeling, and the feeling of a colleague as well, is that we don't get as many for critical libraries when it comes to .NET, as if most of them are really fine... It would be good if Sonatype would check the status of annotations for .NET packages.
LR
Section Chief at a government with 201-500 employees
It could be because I need to learn more about Sonatype Nexus Lifecycle, but as a leader, if I want to analyze the vulnerability situation and how it is and the forecast, I'd like to look at the reports and understand what the results mean. It's been challenging for me to understand the reports and dashboards on Sonatype Nexus Lifecycle, so I'll need to take a course or watch some YouTube tutorials about the product. If Sonatype Nexus Lifecycle has documentation that could help me properly analyze the vulnerability situation and what the graphs mean, then that would be helpful. I need help understanding what each graph is showing, and it seems my company is the worst, based on the chart. Still, I need clarification, so if there were some documentation, a more extensive knowledge base, or a question mark icon you could hover over that would explain what each data on the graph means, that would make Sonatype Nexus Lifecycle better.
Chris Coetzee - PeerSpot reviewer
Managing Director at Digalance
In the beginning, we sometimes struggle to access the customer environment. The customer must issue the required certificates because many customers use cell phone certificates, and Sonatype needs a valid CA certificate.
HB
Lead Member Of Technical Staff at a tech vendor with 10,001+ employees
The solution is not an SaaS product.
MI
Technical Consultant at a computer software company with 10,001+ employees
Sonatype Nexus Lifecycle can improve the functionality. Some functionalities are missing from the UI that could be accessed using the API, but they are not available. For example, seeing more than the 100 first reports, or seeing your comments when you process a waiver for a vulnerability or a violation.
RN
Technical Manager at a financial services firm with 1,001-5,000 employees
The team managing Nexus Lifecycle reported that their internal libraries were not being identified, so they have asked Sonatype's technical team to include that in the upcoming version.