55 Sonatype Testimonials

  • "The biggest advantage of using IQ Server is to be able to report to our project team what specific libraries are used within our applications. We have immediate visibility into security issues."

  • “Without Nexus Lifecycle, you just don’t know the true composition of your applications, and what elements of security, legal, and licensing risk you’re exposed to. A security breach that results in just a 1% hit to the customer base can manifest itself as hundreds of millions of dollars lost.”

  • “Nexus Platform doesn't presume how you want to use it. It provides you with information. It provides you with data and then it gives you the tools to take that information, customize it, and do what you want with it.”

  • "Before Lifecycle, we really had no way to monitor policy violations or licensing risks. Lifecycle gave us a way to actually prioritize what to fix."

  • “A bill of materials, whether it’s of open source components or in-house components, is part of the overall strategy on large software projects for having trusted, secure components that you vetted and verified are good and acceptable. Reusing those is a key component or piece of the strategy.”

  • "We evaluated Black Duck, Veracode and Nexus Lifecycle. My colleagues and I chose Nexus Lifecycle because it is the best solution for what we are trying to do: remove all critical findings before they reach production."

  • "We are dealing with patient data and healthcare data. Security comes above everything. The fact that we can trace vulnerabilities and their dependencies with Nexus Lifecycle alleviates this from our list of things to do."

  • “Security isn't just security's job, everyone needs to feel it through and through.”

  • “Repository management isn’t optional anymore in modern software development. I rely on Nexus because Sonatype has substantial experience in delivering intelligent features and has never let me down.”

  • "Nexus Lifecycle tells developers exactly what they need to know about the components inside their applications. For organizations working in Java, Node.js and .NET, these are valuable tools."

  • “Today, open source components underpin a vast majority of our most mission-critical applications at the firm. As we work to build, maintain and update these applications, we must also ensure that we are using the highest quality open source components at every stage of the development cycle.”

  • "I can't even imagine what it would be like these days to go back to a manual process. I can't even think of how long that would take because back in the days when we were doing it manually we purposefully used less open source software because it was so painful."

  • “In order to work in an agile way, we needed to modernize the tools that we used to be successful.”

  • “We can produce functionality and new applications really, really fast, and that's gone exponential.”