Product Information on Sonatype Nexus One Platform
Overall experience with Sonatype Nexus One Platform
“Strong enterprise grade software supply chain security platform with scalable policy driven governance.”
About Company
Company Description
Sonatype, a 15-year-old company, focuses primarily on the management of open source software development. Initially, it contributed to Apache Maven. Later, it expanded to support Central, which is known as the world's largest repository of open source components. It also developed Sonatype Nexus Repository, widely used for managing software repositories. With the surge in the volume and variety of open source libraries, the company recognized the risks, such as security vulnerabilities and licensing issues, that arise when these libraries are not managed properly. Sonatype therefore invests in machine learning, artificial intelligence and human expertise to acquire extensive knowledge about the quality of open source. It creates products that provide curated intelligence, helping organizations make informed decisions, accelerate innovative ideas and ensure a high standard of quality for their open source components.
Key Insights
A Snapshot of What Matters - Based on Validated User Reviews
Reviewer Insights for: Sonatype Nexus One Platform
Sonatype Nexus One Platform Likes & Dislikes
1. Strong policy management and enforcement capabilities that integrate seamlessly into CI/CD pipelines, enabling true shift left security.
2. High quality vulnerability intelligence and component data, including license risk visibility and remediation guidance.
3. Enterprise-grade scalability and centralized governance across thousands of repositories.
1. Product Quality: The Sonatype tools are of the highest quality from installation to functional usage.
2. Product Integration: The Sonatype tool integration with Pipelines and Customized code is exceptional. The APIs are well documented and provide all of the data and processing needs from a customized and product user interface perspective.
3. Services and Support: Quick and timely responses to questions. Documentation is extremely good.
4. Technology: Sonatype uses advanced technology and AI for risk findings and mitigation which provides the customers with current and accurate information.
5. Speed: The product responds quickly and no issues with response times.
Provides a comprehensive ecosystem for the management of artifacts and the full lifecycle from development to product release, as well as operating the system, if applicable.
Initial setup and policy tuning can require thoughtful planning to reduce noise for large organizations.
Navigation between products in the UI.
Each of their products feels like its own thing, with smaller inconsistencies and differences in behaviour, needing specific processes and/or workflows to work with each product in their platform offering. The products work well if you have a lot of individual repositories for different products/codebases, but manage a lot less gracefully with larger monorepos. Modern single sign-on feels a bit bolted onto an older solution and not as streamlined as would be preferred. Continuous monitoring may be relevant across multiple releases and stages, while it is only available for one stage per project.
Sonatype Nexus One Platform Reviews and Ratings
- Manager, IT Security and Risk Management | 10B+ USD | Healthcare and Biotech
Strong enterprise grade software supply chain security platform with scalable policy driven governance.
We have had a very positive experience using Sonatype Nexus IQ as part of our enterprise application security program. The platform has helped us significantly strengthen our open source governance, improve visibility into third party risk, and integrate security controls directly into our DevSecOps pipelines. The policy engine is flexible and allows us to align with internal security standards while enabling development teams to move quickly. Reporting and component intelligence are mature and actionable. Overall, it has become a foundational part of our software supply chain security strategy.
- IT Associate | Gov't/PS/Ed | Government
Sonatype Tools Praised for Documentation, Speed, and Advanced Risk Detection Features
The overall experience with Sonatype has been outstanding. Sonatype's software is easy to install and maintain. The products are far superior to other similar products that our team has reviewed, tested, implemented and installed. Technically, the tool has outstanding features and supporting documentation. Finally, the support services are knowledgeable and respond very quickly with accurate and timely feedback. The product identifies vulnerabilities early and provides risk mitigation details in the scan reports. Exceptional experience!
- Director of Software Development | <50M USD | Software
Dedicated Support and Documentation Offset by Platform Inconsistencies Across Products
Sonatype takes their customer success very seriously and assigns a consistent customer success engineer to your account. Their documentation and support are overall good.
- IT Security & Risk Management Associate | 50M-1B USD | Banking
A good solution to address supply chain security concerns
The actual software works well and offers a suite of reporting and tools to help address supply chain issues but some of the "nice to haves" are still on the road map and not implemented. The UX also leaves something to be desired (no filter/sort by component, limited to 500 repos in search, no numbered pages for results just arrows, no real search for certain items, etc.)
- IT Associate | 1B-10B USD | Banking
A powerful SCA platform
Globally, we are able to follow the security of applications block security threats



