For example, seeing more than the 100 first reports or, seeing your comments when you process a waiver for a vulnerability or a violation." "In the beginning, we sometimes struggle to access the customer environment. Some functionalities are missing from the UI that could be accessed using the API but they are not available. NET packages." "Sonatype Nexus Lifecycle can improve the functionality. It would be good if Sonatype would check the status of annotations for. "We got a lot of annotations for certain libraries when it comes to Java, but my feeling, and the feeling of a colleague as well, is that we don't get as many for critical libraries when it comes to. They provide the best support possible." "Vulnerability detection accuracy is good." When we needed something, we could reach out and set up a meeting. You just need to set up a project or an app and then you just make the connection in all the tools you're using." "The IQ server and repo are the most valuable." "Sonatype support is quite responsive. I have not heard about anything that is not working. Colleagues are using the JavaScript IDE from JetBrains called WebStorm and there is an integration for that from Nexus Lifecycle. I have the integration for Eclipse and for Visual Studio. My team deployed new versions on that same day and successfully eliminated the vulnerabilities, so right now, the best feature of Sonatype Nexus Lifecycle is finding which applications have vulnerabilities." "The integrations into developer tooling are quite nice. My team couldn't find which applications had the vulnerability initially, but using Sonatype Nexus Lifecycle helped. Still, one of the best functions of the product is the guidance it gives in finding which components or applications have vulnerabilities. For example, my team had a vulnerability or a CVE connected to Apache last week. The remediation of issues that you can do and how the information is offered is also valuable."
"Due to the sheer amount of vulnerabilities and the fact that my company is still working on eliminating all vulnerabilities, it's still too early for me to say what I like most about Sonatype Nexus Lifecycle. The nice thing is that it's built into the ID so that they can see all versions of a specific code." "The most important features of the Sonatype Nexus Lifecycle are the vulnerability reports." "The quality or the profiles that you can set are most valuable. "Lifecycle lets developers see any vulnerabilities or AGPL license issues associated with code in the early stages of development.