Sonatype Nexus Repository Reviews

It's our building background. We use it as a proxy repository to Maven, for example, and we use it to store our own good results and to bring them into production. So it's a turning point for this.

It works well together with the Nexus IQ. We can check our incoming artifacts from third parties with the help of the Nexus Secure server, which correlates with the Nexus support.

And we can provide good results or products to customers where they can download it from there and bring it into production on servers or something like that. So it's everything in this field.

The quality of documentation is good. I can find what I'm looking for every time. Except, there are some mistakes or errors in the backpacks. So, in this case I have to contact support.

It is not as well-suited for managing NPM packages as it is for managing Maven packages.

So, there are potential challenges in seamlessly integrating with non-Maven technologies.

I have been using this for five years. I am using Sonatype Nexus Repository version 3.48.

The product has been stable since the deployment. I would rate the stability a nine out of ten. 

We are not using any scaling mechanisms which are provided with this product. We would just use more CPU, something like that. But it's okay. There's not much need for scalability here. Not so many people are accessing the repository right now. So it works fine for us.

There are over 130 end users using this solution. 

The customer service and support are good because if there are some problems, we can open a ticket there. And usually, we get help within a day at the latest. Often much earlier.

They are good regarding their speed of response, and the staff is very good. 

Positive

The initial setup was not challenging. We've changed from Nexus 2, which we have used earlier. So, this was a migration process, which was just a simple turn-on. Just that system is a step on, but however, it worked fine. So there was no real problem. 

The deployment took around two months. Two to three people were involved in the process.

We have around five administrators for the solution.

The licensing cost is transparent and cheap. Overall, it is a very good price. 

We pay for a license, and the support is connected to it. We regularly communicate with our customer success engineer. And we have the technical support and the documentation. So, there's no extra charge for the support included in the license.

Our company used JFrog. 

I recommend examining your processes to determine if they align with this tool, as its history is heavily concentrated on Maven. If your operations involve Maven, this solution is likely the most suitable. 

As we primarily focus on Java and Maven, I would give this solution a rating of nine out of ten in such cases. 

However, if your emphasis shifts towards NPM products or NuGet, using Nexus is still feasible but may require more effort. The tool is more centered around Maven, making it a bit challenging to seamlessly integrate with NPM. 

In such scenarios, opting for a different product might be more favorable. Nevertheless, if your environment revolves around Java or related technologies, Nexus stands out as a top-notch product in the market.

I have found managing the artifact features very useful.

They could improve the user interface and REST APIs. I found that JFrog has multiple features as compared to Nexus Artifactory. JFrog is more advanced, so it has many good features. The REST API is good. The CLI and the integration with other build tools are quite good in JFrog, so comparatively I found the Nexus has to improve a lot.

I have been using Sonatype Nexus Repository for the past year.

The stability of Sonatype Nexus Repository is very good.

I found that Sonatype Nexus Repository is scalable in multiple cases.

The technical support is good, although I have not had to work with the technical support a lot.

The setup was relatively easy and did not take a long time.

I currently use the open source version and enterprise version with my client. The cost is managed by the client.

I would rate Sonatype Nexus Repository an eight out of ten.

Our primary use case is as a manager and storage location for open-source software components. We utilize the Nexus repository to store safe open-source components that our developers can utilize in their applications, as opposed to their going out to the internet and getting potentially unsafe versions of the open-source components.

We use it to manage binaries both in the IMR and in staging. Our biggest use of the software, as stated before, is to store open-source software components for user applications. The second biggest use is as a staging repository. We'll stage binaries for changes that are ready for deployment across to a production environment. We'll stage them there so we know they're centrally located. If we want to do any scans we can do them right there before they're deployed to our enterprise.

It has improved the organization in that it has helped us ensure that developers are utilizing the safe, open-source components we provide to them. We know who they are, through the use of the Nexus software, when they took them, and where they're being used. It has helped us to increase the security of our applications.

One of the most valuable features is the variety of permissions you can use on the repository. That helps us protect access to the information inside of the repository.

I would like to see them build in some scanning features out-of-the-box, as opposed to only getting them by buying the add-ons of Nexus IQ Server. I would like to see some level of ability to filter in the tool itself, through scanning the binaries in there.

Thus far, the reliability has been good. I haven't seen any problems with the Nexus software breaking down.

It's very scalable.

Tech support is fine, they're very responsive.

They were using SharePoint sites, file folders on servers. We still using them to some degree. They switched to Sonatype because they wanted to get the increased security portion of Sonatype, known as Nexus IQ Server, but they had to purchase the repository first. They're just now getting the money for the rest of it.

I wasn't here when they did the initial setup, but they did it in a slow manner. They started off with a proof of concept. It took at least a year. It was easy to install on the servers, but the politics and building up users took six months.

It looked like the implementation strategy they came up with was to do the proof of concept, then get some projects to start, and grow it slowly until the value was seen. And then they forced everybody, so they had no choice but to use it.

They used a consultant. 

Using it for the IMR we have a sense of security now that we control what goes out to changes in our enterprise.

It seems like a fair price, based on other software solutions I've purchased.

There were other options. Veracode was one of them.

Make sure you know how you want to use it, and set up your rules, processes, and policies before you implement it.

Their customer service is pretty good. Their software does what it says it does. They've got another component add-on we're looking to purchase that will assist us. Sonatype has business relationships with other companies which sell their software, and their name is known in the DevOps world. They're a stable company and have a stable product.

In terms of the number of users using our Nexus Repository, just about every developer who programs in Java has to use one portion of it, and we have about 500 of them. At least 300 users in the IT community use it. For deployment and maintenance of the solution I've got three people. One of whom is on contract. They're involved in maintaining the software, keeping it up to date, configuring it for better security, training users, etc.

We are looking to increase usage up to 500 people when we get the next component.

I'd give the product an eight out of ten. If they want a ten, they should cut their price in half and they should increase the security capabilities out-of-the-box.

We use Sonatype Nexus Repository as a proxy for external packages for internet users. It also helps us manage internal packages and works as a repository for container images.

The product helped our organization improve runtime efficiency. We do not have to connect third-party vendors while building external packages or storing container-approved images. It allows end-to-end life cycle accessibility.

Sonatype Nexus Repository has a valuable internal scanner feature. It automatically scans external artifacts, such as Fortify SAST, before storing them in the repository.

There could be more add-on features for the product. They should provide automation for adding container images and artifacts in compliance with security requirements.

We have been using Sonatype Nexus Repository for one year.

I rate the product's stability a seven out of ten. Sometimes, there are challenges in mitigating intermittent incidents. There might be factors such as network issues impacting communication.

We have 20,000 to 40,000 end users for the product. It is easy to scale. I rate its scalability an eight out of ten. We use it 24/7.

The technical support team takes time to respond and depends on the nature of the request. We have to keep contacting them. However, the process to create tickets is simple.

Neutral

I have worked on POCs for different products.

The initial setup is simple if you have access to container images. It is a seamless process for upgrading as well. Everything is well documented on the vendor’s official site. They form regular maintenance to comply with organizational requirements. They have a good maintenance process for updating and addressing issues. We have a team of 100 executives working on the current project to maintain components.

I use the open-source version of the product, which is free of cost.

I rate Sonatype Nexus Repository an eight out of ten. I advise others to update the business continuity plan for components regularly, i.e., semi-annually or quarterly. Use container images for the next migration or maintenance update. They should secure the user interface. Additionally, they should ensure a good storage process and plan a retention policy for all attacks.

We use it as a repository for build artifacts. We have 300 developers and most of them use Nexus Repository to do their builds.

They are mostly stream-mode applications, as well as front-end Angular applications. We definitely pull down most of the main dependencies, binaries, build artifacts, and release candidates.

We use it for open-source governance, that's one of its every day uses. We have so many applications and so many services.

If there are any issues in build security, it can pick them up straight away.

We had some issues with the container platform, but we raised a support ticket and it was sorted out for us.

So far we haven't had any issues. But when we go into the container world we might, because we haven't gone into the container world yet.

We've had no issues, as of now, with the scalability. We have been licensed for 250 users for the Repository and we haven't found any issues. The users' roles are DevOps, pure developers, and some of them are testers. As for deployment and maintenance of the solution, that comes under DevOps. Some of the DevOps guys are supporting the platform as well as doing the builds and setting up the pipelines, etc.

I talk to Camden from Sydney, and he's been helpful. I've never had any issues with him. Amar has been a very good support resource as well, including help with the documentation.

They were using Artifactory before, and they were not happy.

Nexus is pretty straightforward. It's not complex. We didn't have any issues. The deployment took a couple of hours from start to end.

In terms of an implementation strategy, we started off pretty simply, just setting up a server, making sure that the server was connected to the internet. We then pulled everything from down from the internet and set up the Nexus server. We then gave proper access to the developers who wanted to use it.

Our deployment was entirely internal.

We just got a license for 250 at the end of December, so people have just started using it recently. Previously, the guys who were using it were using the open source license. So we don't have any evaluation of ROI yet.

I'm not sure if they evaluated other products. But people have used Nexus a lot and they are quite comfortable with it.

It's definitely worth looking into as a DevOps tool, which can be integrated into the build pipelines.

We use the Nexus Repository but now we are definitely planning to increase the usage.  We are looking at the Lifecycle and Firewall products as well. This is the first time we have started looking into this aspect of Dev Lifecycle Ops. That's in the process of evaluation and, once all the evaluation is done, we will consider it. The build Repository is definitely the main application but to make sure whatever we do is secure and compliant, the Lifecycle is looking to be more important.

I rate the product at eight out of ten. The two points are because it's still somewhat unknown, we haven't used it intensively.

Sonatype Nexus Repository is our content repository for the programs we are developing.

It has enhanced the pipeline. It's a critical part of the DevOps infrastructure.

While there are not many features, they're all useful, particularly the ability to store and retrieve content, and to proxy all of the features that an enterprise repository manager should have.

I would like to see multifactor authentication implemented.

The only thing that I would like to see is multifactor authentication. This is a critical feature that must be included.

I have been working with Sonatype Nexus Repository for a couple of years.

We are using the most recent version.

It is a cloud, but it is limited to our company and is hosted by AWS and Azure.

Sonatype Nexus Repository is stable. It's solid.

Sonatype Nexus Repository is scalable, we are able to scale both vertically and horizontally. We haven't had any problems either way.

My current program has about 100 users, but they are not users, but rather a pipeline. The primary user is the pipeline. This solution is used hundreds of times throughout the day by the pipeline.

It's a critical piece of our infrastructure.

Technical support is excellent.

If you have a support license, which we do, it's very good. They are extremely competent, and they know what they are doing.

We have corporate licenses, for  SonarQube and Sonatype Nexus Lifecycle.

I am not sure how long we have had corporate licenses. Sonatype offers several products, including Nexus, Nexus Repo, and Nexus IQ, which I have worked with for a few years,  perhaps two, or three years.

The initial setup is straightforward.

The complexity of the setup varies depending on the type. The LFS type was essentially a three. Other repo types were a ten.

The deployment process was very simple, taking only a few hours.

We are integrators. 

I completed the implementation. It's fairly simple to integrate.

Maintenance requires very little staff.

I can't quantify it, but we couldn't execute our pipeline without it.

It's a corporate license, but I'm not sure how much it will cost.

There were costs in addition to the standard licensing fees. The standard is free.

It was already in place, but I am satisfied with it.

It should be integrated and become a part of your pipeline as soon as possible. The earlier you start, the better.

I would rate Sonatype Nexus Repository an eight out of ten. A score of eight, because, the multifactor is critical. That's why it loses a couple of points.

We are using Sonatype Nexus Repository for capturing or creating our software bill of materials, such as Maven, Python, no NPM, and Node.js Repos. They are open-source packages that we've scanned and that we want to keep as is. Additionally, we use it for our snapshots and releases of our own binaries.

The most valuables features of the Sonatype Nexus Repository are you can block any uploads that you do not want. For example, from Maven. Even though someone will try to create a pump file with a package not currently in our repository, they can go and get it, but it won't store it into the Sonatype Nexus Repository and therefore won't be propagated across the enterprise.

Sonatype Nexus Repository could improve by making the experience working with CI/CD pipelines, such as GitHub Action or GitLab better.

I have been using the Sonatype Nexus Repository for approximately 

The stability of the Sonatype Nexus Repository is good, we did not have any performance issues.

I did not use technical support.

The initial installation of the Sonatype Nexus Repository is straightforward.

My advice to others wanting to implement the Sonatype Nexus Repository is to make sure that it supports the language they are developing in. If you're a .NET developer, that would be a difficult language to use. However, if you want to do docker images, make sure you know what kind of docker to do.

I rate Sonatype Nexus Repository an eight out of ten.