Overview

Sonatype helps government agencies build better software, faster. Like a manufacturing supply chain, applications are assembled from open source and third-party components drawn from a wide variety of public and proprietary sources. Assembling software from existing components is faster and more efficient than custom coding every feature, but the flow of components into and through an organization introduces complexity and the potential for risk, breaches and rework.

By eliminating unnecessary complexity, rework and manual effort across the software life cycle, organizations accelerate development while also improving efficiency and quality.

Products

  • Nexus Lifecycle
    Get precise intelligence about open source components throughout your entire software supply chain.
    • Create and customize a range of automated policies to deal with unwanted open source components.
    • Set rules for component usage by organization, team, and application.
    • Integrate directly into development tools such as Eclipse, IntelliJ, Jenkins, Bamboo, SonarQube and many more.
  • Nexus Firewall
    Automatically stop risky components from entering your software supply chain.
    • Instantly see every open source component flowing into your organization.
    • Stop, analyze, and selectively admit components.
    • Define and enforce policies for open source component usage.
    • Keep production applications safe from risky components.
  • Nexus Auditor
    Know immediately the quality and risk associated with the open source components used in your applications.
    • Launch on-demand evaluations from an intuitive user interface or directly from the command line.
    • Get detailed evaluation reports that have been vetted by Sonatype experts and pinpointed down to the individual component and its transitive dependencies.
    • Continuously monitor applications in production.
  • Nexus Repository Pro
    The enterprise-grade solution for managing, organizing and distributing software components.
    • Get a detailed list of security vulnerabilities and license compliance issues for any open source components found inside your repositories.
    • Give distributed teams the speed and efficiency of an intelligent component warehouse.
    • The most reliable, highly available source for all open source components.
    • Includes enterprise support and access to an expert support team.

Contracts

GSA Schedule Contracts

GSA Schedule 70

GSA Schedule No.: GS-35F-0119Y
Term: December 20, 2011 - December 19, 2021


SEWP Contracts

SEWP V

Contract Numbers:
  • Group A (Small): NNG15SC03B
  • Group D (Other Than Small): NNG15SC27B
Term: May 1, 2015 - April 30, 2020



News

Latest News

  • In 2010, a 7.0-magnitude earthquake devastated Haiti. The quake killed an estimated 230,000 people and sparked a massive global assistance response. We all remember this tragedy. Yet, six weeks later, ...
  • The software world is being flooded with open source product. In fact, the federal government has an open-source-first policy. But maybe it's time to stop and think about sources of open source. Where ...
  • Multiple agencies across the U.S. government are paying closer attention to the software they are buying. More specifically, they want to know what open source and third party components were used to ...
  • What: The 2016 State of the Software Supply Chain report from Sonatype detailing the use of open source components in software.
  • Sonatype, the Nexus company and a continuous delivery leader, today announced that its Nexus repository manager usage has doubled in the last 18 months (July 2013 to February 2015). With five times ...
  • Responsibility for secure open source software is, well, complicated. Some believe open source is more secure than proprietary software because, as Linus’s Law says, “Given enough eyeballs, ...
  • Sonatype, a software company that enables developers to easily build software applications while significantly reducing security, compliance, and licensing risks, today released a free Application ...

Resources

Sonatype’s Nexus platform helps organizations build better software, even faster. Similar to a manufacturing production line with a supply chain of parts, applications are built by assembling open source and third party components from a wide variety of public and proprietary sources. Assemblin...

Learn how Nexus Lifecycle gives you full control over your software supply chain and allows you to define rules, actions, and policies that work best for your organization and teams.

Software developers use open source and third party components to be more competitive and speed time to innovation. Because of this, open source usage is massive and it's growing. Over 7,000 new projects and 70,000 open source components (versions) are released each week and in 2016 alone, there wer...

At the heart of Nexus Firewall is the IQ Server, which provides fully-customizable policy management for identifying and protecting your repositories, as well as detailed intelligence regarding each and every component it finds. Learn more about how the Nexus Firewall allows you to set and automate ...

Sonatype Component Fabric: To meet the demands of modern software development, Sonatype created a new version of Nexus Repository Manager. This time with integrated high availability, powered by a new technology we like to call Component Fabric.

Gartner report states: Make OSS software module identification, configuration and vulnerability scanning a priority in 2016 and 2017. Traditional static application security testing (SAST) and dynamic application security testing (DAST) are too heavyweight, complex and won't work or scale for DevSecO...

Nexus repository managers help organizations build better software, faster. Like a supply chain, applications are built by assembling open source and third party components from a wide variety of public and proprietary sources. While assembling software from existing components is faster and more...

Relentless cyber attacks from adversaries have prompted federal agencies to take a more holistic and systematic approach to integrating information security into broader organizational risk management strategies. Practices defined in the Risk Management Framework (RMF) are being employed across the ...

Information security architects must integrate security at multiple points into DevOps workflows in a collaborative way that is largely transparent to developers, and preserves the teamwork, agility and speed of DevOps and agile development environments, delivering "DevSecOps."

Nexus Repository Pro is powered by Repository Manager, the same technology found in our OSS version with more than 100,000 installations world-wide.