Sonatype Nexus Lifecycle and WhiteSource: Which application security solution is better?

IT Central Station users review two of the highest reviewed solutions in the application security market – Sonatype Nexus Lifecycle and WhiteSource.


Companies and IT operations professionals are having trouble keeping up with ever-changing application architectures, platforms and modern technology standards, and as a result, app security, visibility, and compliance are becoming more of a concern. To overcome these issues, many businesses are looking for application security solutions and the benefits they can offer. However, choosing the right solution isn’t easy – every business is different, and there is no ‘one size fits all’ solution.

Over 388,000 professionals have used IT Central Station research to inform their purchasing decisions. Its latest paper looks at Sonatype Nexus Lifecycle and WhiteSource, two of the highest reviewed solutions in the application security market.

Below is a brief summary of the report, highlighting what real IT Central Station users think of each solution – from their most valuable features, to how they’ve improved individual businesses, as well as what each solution could do better.

Sonatype Nexus Lifecycle

Gives you full control over your software supply chain

With an average rating of 8.6 from 18 reviews, Sonatype Nexus Lifecycle is one of the most sought-after application security solutions currently available. Popular in the financial services, insurance, and computer software industries, the product is used by organisations of all sizes. Organisations with over 1000 employees make up 56% of reviewers, whilst small and mid-size (200-1000 employee) organisations account for 26% and 19% of reviewers respectively.

Advocates of Sonatype Nexus Lifecycle point to numerous features that help it stand out against competitors. Many believe that its scanning capability is the most valuable feature, allowing businesses to discover vulnerable open-source libraries with ease. Other features that stand out to users include the solution’s strong firewall and easy-to-read reporting. Yet there are a few areas where users feel let down. One key drawback is that the features differ between the products that make up Lifecycle, which can add unnecessary complexity.

WhiteSource

Integrates with the DevOps pipeline to detect vulnerable open-source libraries in real time

Achieving an average rating of 8.5 from 11 reviews, WhiteSource is another popular solution in the application security market. Reviewers work in a range of industries, from computer software and financial services to consumer goods. It is also reviewed frequently by organisations of all sizes. Small and mid-size companies combine to make up 50% of reviewers, with 42% and 8% respectively. Large organisations account for the remaining 50%.

The fix suggestions feature is commonly seen by reviewers as one of the product’s key selling points, allowing users to quickly find the best path for remediation and get a specific trace back to where the vulnerability is located. This feature is complemented by the solution’s good reporting and full visibility. However, WhiteSource is not without its flaws, and critics point to its underwhelming dashboard UI and UX as areas that need to be improved.
