
Sonatype Lifecycle Reviews

Vendor: Sonatype
4.2 out of 5
453 followers

Sonatype Lifecycle mindshare

As of March 2025, the mindshare of Sonatype Lifecycle in the Software Composition Analysis (SCA) category stands at 5.1%, down from 6.6% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Software Composition Analysis (SCA)

PeerAnalyst reports based on Sonatype Lifecycle reviews

Type       | Title                                     | Date
Category   | Software Composition Analysis (SCA)       | Mar 8, 2025
Product    | Reviews, tips, and advice from real users | Mar 8, 2025
Comparison | Sonatype Lifecycle vs Black Duck          | Mar 8, 2025
Comparison | Sonatype Lifecycle vs Veracode            | Mar 8, 2025
Comparison | Sonatype Lifecycle vs Snyk                | Mar 8, 2025
Suggested products

Title  | Rating | Mindshare | Recommending | Interviews
GitLab | 4.3    | 4.5%      | 97%          | 82
Snyk   | 4.1    | 15.8%     | 100%         | 44

Top industries

By visitors reading reviews

Industry                                 | Share
Financial Services Firm                  | 34%
Computer Software Company                | 12%
Government                               | 8%
Manufacturing Company                    | 8%
Insurance Company                        | 5%
Healthcare Company                       | 4%
University                               | 3%
Energy/Utilities Company                 | 2%
Retailer                                 | 2%
Educational Organization                 | 2%
Comms Service Provider                   | 2%
Real Estate/Law Firm                     | 2%
Media Company                            | 2%
Non Profit                               | 2%
Construction Company                     | 2%
Legal Firm                               | 1%
Wholesaler/Distributor                   | 1%
Transportation Company                   | 1%
Aerospace/Defense Firm                   | 1%
Outsourcing Company                      | 1%
Hospitality Company                      | 1%
Logistics Company                        | 1%
Recreational Facilities/Services Company | 1%
Performing Arts                          | 1%

Sonatype Lifecycle reviews

SrinathKuppannan2 - PeerSpot user
Integration Manager at CommScope
Verified user of Sonatype Lifecycle
Jun 27, 2024
Easily identifies problematic versions and ensures adherence to regulatory standards like HIPAA, critical for industries dealing with sensitive information

Pros

"The violation reports provided by Lifecycle are key, giving specific details on the types of violations and identifying the component within the application."

Cons

"On the security side, I think there's a lot of development needed. There are many security tools on the market, like open-source ones, that Sonatype doesn't integrate with."
SS
Engineering Tools and Platform Manager at BT - British Telecom
Verified user of Sonatype Lifecycle
Sep 27, 2021
Integrates easily and finds all vulnerabilities and categorizes them pretty nicely

Pros

"Its engine itself is most valuable in terms of the way it calculates and decides whether a security vulnerability exists or not. That's the most important thing. Its security is also pretty good, and its listing about the severities is also good."

Cons

"One area of improvement, about which I have spoken to the Sonatype architect a while ago, is related to the installation. We still have an installation on Linux machines. The installation should move to EKS or Kubernetes so that we can do rollover updates, and we don't have to take the service down. My primary focus is to have at least triple line availability of my tools, which gives me a very small window to update my tools, including IQ. Not having them on Kubernetes means that every time we are performing an upgrade, there is downtime. It impacts the 0.1% allocated downtime that we are allowed to have, which becomes a challenge. So, if there is Kubernetes installation, it would be much easier. That's one thing that definitely needs to be improved."
ME
Sr. Enterprise Architect at MIB Group, Inc.
Verified user of Sonatype Lifecycle
Mar 11, 2020
Product version discussed: 3.19
Provides us with ease of development, the ability to automate a lot of the build-and-deploy process

Pros

"Some of the more profound features include the REST APIs. We tend to make use of those a lot. They also have a plugin for our CI/CD; we use Jenkins to do continuous integration, and it makes our pipeline build a lot more streamlined. It integrates with Jenkins very well."

Cons

"Some of the APIs are just REST APIs and I would like to see more of the functionality in the plugin side of the world. For example, with the RESTful API I can actually delete or move an artifact from one Nexus repository to another. I can't do that with the pipeline API, as of yet. I'd like to see a bit more functionality on that side."
GK
Principal DevSecOPs at a computer software company with 10,001+ employees
Verified user of Sonatype Lifecycle
Dec 24, 2024
Product version discussed: One-eighty-one
Provides comprehensive dependency oversight with room for expanded security capabilities

Pros

"The solution provides a comprehensive overview of dependencies and their security status."

Cons

"It is a bit narrow, and we are expecting more features, especially with respect to SBOM and other detections."
RV
Software Architect at a tech vendor with 11-50 employees
Verified user of Sonatype Lifecycle
Mar 19, 2020
Product version discussed: 80
Checks our libraries for security and licensing issues

Pros

"With the plugin for our IDE that Sonatype provides, we can check whether a library has security, quality, or licensing issues very easily, which is nice because Googling for this stuff can be a bit cumbersome. By checking it before code is even committed, we save ourselves from getting notifications."

Cons

"One of the things that we specifically did ask for is support for transitive dependencies. Sometimes a dependency that we define in our POM file for a certain library will be dependent on other stuff and we will pull that stuff in; then you get a cascade of libraries that are pulled in. This caused confusion for us at first, because we would see a component that would have a security ticket or security notification on it and wonder, 'Where is this coming in from?' Because when we checked what we defined as our dependencies, it's not there. It didn't take us too much effort to realize that it was a transitive dependency pulled in by something else, but the question then remains, 'Which dependency is doing that?'"
IV
Product Owner Secure Coding at a financial services firm with 10,001+ employees
Verified user of Sonatype Lifecycle
Sep 27, 2021
Product version discussed: 114
Improves the overall hygiene of the source code and is helpful for code security and remediation of issues

Pros

"The quality or the profiles that you can set are most valuable. The remediation of issues that you can do and how the information is offered is also valuable."

Cons

"The user interface needs to be improved. It is slow for us. We use Nexus IQ mostly via APIs. We don't use the interface that much, but when we use it, certain areas are just unresponsive or very slow to load. So, performance-wise, the UI is not fast enough for us, but we don't use it that much anyway."
WK
Sr. DevOps Engineer at Primerica
Verified user of Sonatype Lifecycle
Mar 3, 2020
Product version discussed: Release 81
Enables our developers to proactively select components that don't have a vulnerability or a licensing issue

Pros

"The proxy repository is probably the most valuable feature to us because it allows us to be more proactive in our builds. We're no longer tied to saving components to our repository."

Cons

"It would be helpful if it had a more detailed view of what has been quarantined, for people who don't have Lifecycle licenses. Other than that, it's pretty good."
PeerSpot user
Vice President, Cybersecurity at a financial services firm with 10,001+ employees
Verified user of Sonatype Lifecycle
Dec 29, 2023
Seamless to integrate and identify vulnerabilities and frees up staff time

Pros

"The Software Security Center, which is often overlooked, stands out as the most effective feature."

Cons

"Fortify's software security center needs a design refresh."