Overview
Sonatype helps government agencies build better software, faster. More than 10 million software developers rely on Sonatype to innovate faster while mitigating security risks inherent in open source. Sonatype’s Nexus platform combines in-depth component intelligence with real-time remediation guidance to automate and scale open source governance across every stage of the modern DevOps pipeline.
Products
-
Nexus Lifecycle
Continuously remediate open soruce risk across your SDLC
- Control: Define open source component policies by organization, team, and application type.
- Automate: Automatically and contextually enforce policies across your entire DevOps pipeline.
- Integrate: Continuously visualize component intelligence within your favorite tools (including Nexus and Artifactory).
- Customize: Pair component intelligence with in-house apps using supported REST APIs.
-
Nexus Firewall
Stop risky open source components from entering the SDLC
- Automatically block unwanted Java, JavaScript, .Net, PyPi, RubyGems, and RPM components from entering your software supply chain.
- Improve application hygiene and protect repositories, including staging and release.
- Automatically prevent risky components from entering your applications.
-
Nexus Auditor
Monitor production applications for OSS risk
- Document the parts inside your software or COTS applications with a detailed bill of materials.
- Automatically pinpoint open source security vulnerabilities, license risk, and quality concerns.
- Remediate risk in the blink of an eye and gain first mover advantage.
- Send notifications when unwanted components are identified in evaluated applications.
- Contextually waive policy violations as appropriate.
-
Nexus Repository
Expert flow control for binaries, build artifacts, and release candidates.
- Manage components, build artifacts, and release candidates in one central location.
- Understand component security, license, and quality issues.
- Modernize software development with intelligent staging and release functionality.
- Scale DevOps delivery with high availability and active/active clustering.
- Sleep comfortably with world-class support and training.
Contracts
GSA Schedule Contracts
GSA Schedule 70
GSA Schedule 70 GSA Schedule No. GS-35F-0119Y Term: December 20, 2011- December 19, 2021SEWP Contracts
SEWP V
Contract Number: Group A Small: NNG15SC03B Group D Other Than Small: NNG15SC27B Term: May 1, 2015 - May 1, 2025State & Local Contracts
City of Seattle Contract
Contract #0000003265 Term: December 19, 2021CMAS
Contract # CMAS 3-12-70-2247E Term: through March 31, 2022Department of General Services PA - Symantec
Contract # 4400004253 Valid through December 19, 2021Pennsylvania COSTARS-3 IT Hardware Contract
Contract: COSTARS-003-451 Contract Period: Through July 18, 2021State of Indiana Contract
Contract Number: 0000000000000000000021430 Term: August 1, 2017 – July 31, 2021State of New Mexico Contract
Contract Number: 80-000-18-00002 Contract Period: August 1, 2017 – August 1, 2021Texas DIR-TSO-3854
DIR-TSO-3854 Contract Period: May 25, 2017 - May 25, 2021 (with 3 option years) Authorized Users: Any Texas state agency, unit of local government, institution of higher education as defined in Section 2054.003, Texas Government Code, and those state agencies purchasing from a DIR contract through an Interagency Agreement, as authorized by Chapter 771, Texas Government Code, any local government as authorized through the Interlocal Cooperation Act, Chapter 791, Texas Government Code, and the state agencies and political subdivisions of other states as authorized by Section 2054.0565, Texas Government Code.VASCUPP
Contract Number: UVA1482501 Term: May 2, 2014– December 19, 2021Events
Past Events
ATARC DevOps Summit - March 12, 2019
AFCEA Spring Intelligence Symposium - March 19-20, 2019
ATARC Federal RSA - March 26, 2019
International Conference on Cyber Engagement - April 23, 2019
GDIT Emerge 2019 - April 23, 2019
Archived Events
-
2020 Events
September 01, 2020May 06, 2020March 02, 2020 - March 03, 2020
-
2019 Events
May 15, 2019May 07, 2019
-
2016 Events
December 08, 2016
- 2015 Events
News
Latest News
January 29, 2019
Sonatype released a commissioned study conducted by research of organizations using the Nexus Platform and their ROIs and more increased profits.
READ MORE >
READ MORE >
January 29, 2019
Sonatype, the Nexus company and a continuous delivery leader, today announced that Equifax Inc. has selected Sonatype’s Nexus platform to manage and monitor its application ...
READ MORE >
READ MORE >
Sonatype, the leader in automated open source governance, announced it has been recognized as one of five “large” SCA Specialists in Forrester Research’s new Now Tech: Software Composition ...
READ MORE >
READ MORE >
All Day DevOps and Sonatype partnered to host the largest conference of high quality educational content to more than 1 million IT professionals to focus on DevOps.
READ MORE >
READ MORE >
Sonatype today released its fourth annual State of the Software Supply Chain Report which found that software developers downloaded more than 300 billion open source components in the past 12 months, ...
READ MORE >
READ MORE >
Today, Sonatype, the leader in automated open source governance and application security, and Micro Focus, creator of Fortify Application Security Portfolio, announced an expanded strategic ...
READ MORE >
READ MORE >
November 20, 2017
Today’s guest is Derek Weeks, VP and DevOps Advocate at Sonatype. The discussion today highlights what has happened to software development in the past ten years. Rather than taking a project and ...
READ MORE >
READ MORE >
September 27, 2017
On this podcast, Curtis Yanko, Technical Director, Alliances and Partners at Sonatype discusses how the Nexus Platform helps customers automate open source governance so they can build software the ...
READ MORE >
READ MORE >
August 31, 2016
In 2010, a 7.0-magnitude earthquake devastated Haiti. The quake killed an estimated 230,000 people and sparked a massive global assistance response. We all remember this tragedy. Yet, six weeks later, ...
READ MORE >
READ MORE >
August 19, 2016
The software world is being flooded with open source product. In fact, the federal government has an open-source-first policy. But maybe it's time to stop and think about sources of open source. Where ...
READ MORE >
READ MORE >
July 29, 2016
Multiple agencies across the U.S. government are paying closer attention to the software they are buying. More specifically, they want to know what open source and third party components were used to ...
READ MORE >
READ MORE >
July 22, 2016
What: The 2016 State of the Software Supply Chain report from Sonatype detailing the use of open source components in software.
READ MORE >
READ MORE >
Sonatype, the Nexus company and a continuous delivery leader, today announced that its Nexus repository manager usage has doubled in the last 18 months (July 2013 to February 2015.) With five times ...
READ MORE >
READ MORE >
Responsibility for secure open source software is, well, complicated. Some believe open source is more secure than proprietary software because, as Linus’s Law says, “Given enough eyeballs, ...
READ MORE >
READ MORE >
Sonatype, a software company that enables developers to easily build software applications while significantly reducing security, compliance, and licensing risks, today released a free Application ...
READ MORE >
READ MORE >
Resources
Datasheet
Nexus Auditor will allow you to monitor security vulnerabilities and third party apps. Download this datasheet to know you can manage and protect your open source risks.
Stop open source risks from the start. Learn how you can keep and create open source policies and reduce risk with Nexus Firewall.
Nexus Lifecycle Foundation provides visibility into open risk source before it’s too late. Find out how you can provide the most advanced remediation guidance.
Nexus Responsibility Pro provides a central platform to build artifacts and saves you money. Click to find how you can improve reliability fast.
Eliminate open source risk around the whole SDLC. Click to find out how you can save money and protect your open source choices, without have to reintegrate new technology.
E-Book
Using open source libraries to build application is a no brainer, but always choosing the best open source libraries requires a helping hand. In this eBook, we’ll explore how to leverage the Nexus Platform so that you can improve security and implement quality and secure open source components.
Resources
LONDON – DevOps Enterprise Summit - June 25, 2019 --Sonatype today released its fifth annualState of the Software Supply Chain Report. This year’s report reveals the best practices exhibited by exemplary open source software projects and commercial application development teams. As in years past...
BOSTON - Red Hat Summit – May 7, 2019 - Sonatype, the inventors of software supply chain automation, announced new capabilities for Red Hat Quay enterprise container registry enabling modern organizations to automate and enforce open source governance policies in the containerized applications the...
Fulton, Md. – March 21, 2019 – Sonatype, the inventors of software supply chain management, today announced a partnership with HackerOne, the leading hacker-powered security platform, to create The Central Security Project (CSP). The first-of-its-kind program brings together the ethical hacker a...