17 years helping New Zealand businesses
choose better software
Nexus Lifecycle
What Is Nexus Lifecycle?
Sonatype's Nexus Platform scales open source security monitoring across the software supply chain and reclaims time spent fighting risks in the software development life cycle.
Software developers, application security professionals, and DevSecOps experts are empowered with the highest quality Nexus vulnerability intelligence to drive faster releases, decrease false positives, and deliver in-depth, developer remediation guidance.
Who Uses Nexus Lifecycle?
Software Developers, Application Security Professionals, DevSecOps Experts, Information Security, Cyber Security Manager, Software Engineers, Application Architect
Not sure about Nexus Lifecycle?
Compare with a popular alternative
Nexus Lifecycle
Reviews of Nexus Lifecycle
Average score
Reviews by company size (employees)
- <50
- 51-200
- 201-1,000
- >1,001
Find reviews by score
Alternatives Considered:
vulnerability analysis tool
Comments: my experience with Nexus Lifecycle is that it allows me to identify and secure vulnerable devices when doing development, which really allows me to work with peace of mind and confidence
Pros:
Firstly, what is good about Nexus Lifecycle is that it is easy to install and use, it supports several types of packages, has very good documentation and is available in several languages. secondly, the vulnerability feature is excellent when it comes to application vulnerability analysis
Cons:
First of all, Nexus Lifecycle is more expensive than its competitors, so access to the paid version is not available to everyone, Then, its interface is often heavy when adding several components
Alternatives Considered:
Binary Repository for the large enterprise
Comments: It's fairly easy to install, pricy from the enterprise version, supports all packages types.
Pros:
The Open Source version has enough functionality (comparing to competitors) to be one of the best in its field. It has vast support for all packages type and the installation is fairly easy
Cons:
The issue will begin once you like to move from the Open Source version to the commercial one, it is pricy (again comparing to the competitors) it has a business module of per user per year cost and if your budget is limited you would find yourself with an issue of funding it. It is not the best in line with the enterprise versions out there.
Alternatives Considered:
Automatic vulnerability detection and mitigation tool in software development process
Comments: I primarily used the tool to detect supply chain vulnerability to mitigate attacks for the development team.
Pros:
Easier to install, and use and helping our team in mitigating supply chain attacks.
Cons:
It has a high per-year basis subscription and is not up to the mark with the other competitor with similar costs
Powerful artifact manager, but has some rough edges
Pros:
Supports all major artifact types, such as npm, helm, docker, etc. Powerful integrations with major 3rd party tools.
Cons:
Open source version does not allow integrating with non-Maven deployment types, making it difficult to evaluate even for those preparing to use enterprise version.