    Sonatype: Software Supply Chain Security (Private Cloud)

    Sold by: Sonatype 
    Deployed on AWS
    For the more than 90% of companies that rely on open source software (OSS), Sonatype secures the software supply chain. We do this in a way that accelerates digital innovation without sacrificing security or quality across the software supply chain. It is the only automated malware and vulnerability detection solution that will keep your repositories secure, reduce security rework for your developers, and accelerate your time to market. Get started today with Sonatype Lifecycle and Sonatype Repository Firewall.

    Overview

    Sonatype is the gold standard in open source software (OSS) security and software supply chain management. Sonatype unites security, development and operations teams to accelerate digital innovation without sacrificing security or quality across the software supply chain.

    What Makes Sonatype Different:

    #1 Demonstrated ROI, Clear Results: A third-party study estimates a 232% ROI and 12-month payback on the Sonatype platform. In-platform insights show risks managed and benchmark your performance.

    #2 Intelligent Risk Management: AI-enabled behavioral analysis, combined with a 60+ person world-class research team, discovers vulnerabilities 10x faster than the National Vulnerability Database and identifies 95x more malicious packages than alternative solutions.

    #3 You Can Write Better Code Faster: Sonatype Lifecycle combines security policy automation with instant, detailed developer feedback. There is no tradeoff between risk management and productivity.

    Our award-winning, analyst-recognized offers include:

    Sonatype Lifecycle - Software Composition Analysis (SCA), Software Supply Chain Security, Developer Enablement - Have full control over your software supply chain with the ability to define security, license, enforcement and remediation policies that work best for your organization - all in a single platform. Lifecycle helps you continuously monitor risks at every stage of the software development lifecycle (SDLC) and automatically remediate them with intelligent guidance, helping teams develop software fearlessly and at scale.

    Sonatype Repository Firewall - Software Supply Chain Security - An automated malware and vulnerability detection system that guards the door of your repository to protect your organization from both known and unknown risks, including malware, present in third-party libraries and open source ecosystems. Repository Firewall automatically defends against software supply chain threats including dependency/namespace confusion and malware injection.

    With Sonatype, you can develop software fearlessly by mitigating risk without sacrificing speed, quality, or developer productivity.

    Contact us for private offers at aws-opportunities@sonatype.com 

    Highlights

    • Reduce vulnerability remediation time by more than 80 percent by using the most comprehensive vulnerability intelligence data with more than 130M components analyzed.
    • Rely on technology trusted by more than 15M developers worldwide from the leader in Open Source Software (OSS) Security.
    • Increase software release velocity by 6x by automating security into the development process.

    Details

    Delivery method

    Deployed on AWS

    Pricing

    Sonatype: Software Supply Chain Security (Private Cloud)

    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    12-month contract (2 dimensions)

    Dimension               Description      Cost/12 months
    Lifecycle Only          For 450 Users    $409,500.00
    Lifecycle & Firewall    For 420 Users    $495,660.00

    Vendor refund policy

    We do not offer a refund policy.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Accolades

    • Top 10 in Source Control
    • Top 10 in Continuous Integration and Continuous Delivery, Application Development, Security
    • Top 10 in Agile Lifecycle Management, Source Control

    Customer reviews

    Sentiment is AI generated from actual customer reviews on AWS and G2.

    Reviews      Functionality        Ease of use          Customer service     Cost effectiveness
    0 reviews    Insufficient data    Insufficient data    Insufficient data    Insufficient data

    Filters: Positive reviews | Mixed reviews | Negative reviews

    Overview

    AI generated from product descriptions.

    Vulnerability Detection: AI-enabled behavioral analysis with advanced vulnerability discovery capabilities, identifying risks 10x faster than the National Vulnerability Database
    Software Composition Analysis: Comprehensive software supply chain security platform with continuous risk monitoring across software development lifecycle stages
    Automated Security Policy: Intelligent security policy automation with instant developer feedback and remediation guidance
    Malware Protection: Automated malware and vulnerability detection system guarding repository access against known and unknown software supply chain threats
    Threat Intelligence: Advanced research-driven vulnerability management with a dedicated 60+ person research team analyzing software component risks
    Artifact Management: Universal artifact repository supporting 40+ package and file types including machine learning models
    Security Scanning: Comprehensive security solution with contextual vulnerability analysis, prioritization, and anti-tampering mechanisms across the software development lifecycle
    Software Supply Chain Traceability: Massively scalable platform providing end-to-end visibility and control across software development and deployment environments
    Vulnerability Detection: Advanced security scanning for real-world risk analysis, exposure discovery, and early blocking of malicious open source packages
    DevSecOps Integration: Hybrid platform integrated with multiple software package technologies and tools for consolidated enterprise development workflows
    Artifact Format Support: Supports multiple artifact formats including Docker, Java, Go, PHP, Python, and other development ecosystems
    Access Control: Implements role-based access controls for secure artifact management and repository access
    Repository Management: Centralized repository for storing, publishing, and retrieving versioned applications and dependencies
    Operating System: Deployed on Ubuntu 20.04 Linux distribution with optimized configuration
    Software Artifact Storage: Provides private hosted repositories for managing software development artifacts and dependencies

    Contract

    Standard contract: No

    Customer reviews

    Ratings and reviews

    0 ratings

    5 star: 0%
    4 star: 0%
    3 star: 0%
    2 star: 0%
    1 star: 0%

    0 AWS reviews | 1 external review
    Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
    Jay-Kim

    Accurate database support blocks malicious code with excellent support

    Reviewed on Jan 20, 2025
    Review provided by PeerSpot

    What is our primary use case?

    Many companies, including ours, use Nexus Repository due to concerns about malware and critical vulnerabilities. There should be a specific method to prevent malicious packages from entering the internal network, so our company uses Nexus Repository. We usually consider adding the firewall feature on top of the Repository, with the main purpose being to block malicious packages.

    What is most valuable?

    The firewall is the only solution that supports Nexus Repository. This firewall comes with an accurate database, which can identify most malicious code and keep it from entering. It relies on the Sonatype accurate database, so the accuracy is excellent. There is no other option except Sonatype to deploy as the firewall.

    What needs improvement?

    There are several features lacking in the current offering, particularly concerning container support and AI packages, like humming phase support. However, I have heard that it is on the roadmap for 2025.

    For how long have I used the solution?

    I have been using this solution for four years.

    What do I think about the stability of the solution?

    It is software, so there is always a possibility of bugs, however, they are quite fast in fixing these bugs. It is quite stable.

    What do I think about the scalability of the solution?

    There is an option to scale the capacity using an external database, and then you also have support. I do not think there is any issue with scalability.

    How are customer service and support?

    The customer service is fantastic. They provide the required responses and relevant support, which is the biggest advantage of using Sonatype.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I do not have handling experience with another firewall. Sonatype Firewall is the only one I have been using. There is only one other alternative.

    How was the initial setup?

    The initial setup is quite straightforward and easy. It is not complicated.

    What about the implementation team?

    Just a couple of staff members can complete the installation and configuration.

    What's my experience with pricing, setup cost, and licensing?

    Also, I consider it average. Some people might consider it expensive, however, since it supports many beautiful features, I would say it is worth it.

    Which other solutions did I evaluate?

    We looked at Sonatype or Gather. There are not that many options.

    What other advice do I have?

    I would give the solution eight out of ten. I would look at the comparison of Sonatype to some other firewalls. There is room for improvement, especially mentioning container support and AI packages.
