

Sonatype helps government agencies build better software, faster. More than 10 million software developers rely on Sonatype to innovate faster while mitigating security risks inherent in open source. Sonatype’s Nexus platform combines in-depth component intelligence with real-time remediation guidance to automate and scale open source governance across every stage of the modern DevOps pipeline.


  • Nexus Lifecycle

    Continuously remediate open source risk across your SDLC

    • Control: Define open source component policies by organization, team, and application type.
    • Automate: Automatically and contextually enforce policies across your entire DevOps pipeline.
    • Integrate: Continuously visualize component intelligence within your favorite tools (including Nexus and Artifactory).
    • Customize: Pair component intelligence with in-house apps using supported REST APIs.
  • Nexus Firewall

    Stop risky open source components from entering the SDLC

    • Automatically block unwanted Java, JavaScript, .NET, PyPI, RubyGems, and RPM components from entering your software supply chain.
    • Improve application hygiene and protect repositories, including staging and release.
    • Automatically prevent risky components from entering your applications.
  • Nexus Auditor

    Monitor production applications for OSS risk

    • Document the parts inside your software or COTS applications with a detailed bill of materials.
    • Automatically pinpoint open source security vulnerabilities, license risk, and quality concerns.
    • Remediate risk in the blink of an eye and gain first mover advantage.
    • Send notifications when unwanted components are identified in evaluated applications.
    • Contextually waive policy violations as appropriate.
  • Nexus Repository

    Expert flow control for binaries, build artifacts, and release candidates.

    • Manage components, build artifacts, and release candidates in one central location.
    • Understand component security, license, and quality issues.
    • Modernize software development with intelligent staging and release functionality.
    • Scale DevOps delivery with high availability and active/active clustering.
    • Sleep comfortably with world-class support and training.


GSA Schedule Contracts

GSA Schedule 70

GSA Schedule No. GS-35F-0119Y
Term: December 20, 2011 - December 19, 2021

SEWP Contracts


Contract Number: Group A Small: NNG15SC03B; Group D Other Than Small: NNG15SC27B
Term: May 1, 2015 - May 1, 2025

State & Local Contracts

City of Seattle Contract

Contract #0000003265 Term: December 19, 2021


Contract # CMAS 3-12-70-2247E Term: through March 31, 2022

Department of General Services PA - Symantec

Contract # 4400004253 Valid through December 19, 2021

Pennsylvania COSTARS-3 IT Hardware Contract

Contract: COSTARS-003-451 Contract Period: Through July 18, 2021

State of Indiana Contract

Contract Number: 0000000000000000000021430 Term: August 1, 2017 – July 31, 2021

State of New Mexico Contract

Contract Number: 80-000-18-00002 Contract Period: August 1, 2017 – August 1, 2021

Texas DIR-TSO-3854

DIR-TSO-3854 Contract Period: May 25, 2017 - May 25, 2021 (with 3 option years) Authorized Users: Any Texas state agency, unit of local government, institution of higher education as defined in Section 2054.003, Texas Government Code, and those state agencies purchasing from a DIR contract through an Interagency Agreement, as authorized by Chapter 771, Texas Government Code, any local government as authorized through the Interlocal Cooperation Act, Chapter 791, Texas Government Code, and the state agencies and political subdivisions of other states as authorized by Section 2054.0565, Texas Government Code.


Contract Number: UVA1482501 Term: May 2, 2014 – December 19, 2021


Past Events

ATARC DevOps Summit - March 12, 2019

AFCEA Spring Intelligence Symposium - March 19-20, 2019

ATARC Federal RSA - March 26, 2019

International Conference on Cyber Engagement - April 23, 2019

GDIT Emerge 2019 - April 23, 2019

Archived Events


Latest News

Sonatype released a commissioned research study of organizations using the Nexus Platform, examining their ROI and increased profits.
January 29, 2019
Sonatype, the Nexus company and a continuous delivery leader, today announced that Equifax Inc. has selected Sonatype’s Nexus platform to manage and monitor its application ...
Sonatype, the leader in automated open source governance, announced it has been recognized as one of five “large” SCA Specialists in Forrester Research’s new Now Tech: Software Composition ...
All Day DevOps and Sonatype partnered to host the largest conference of high quality educational content to more than 1 million IT professionals to focus on DevOps.
Sonatype today released its fourth annual State of the Software Supply Chain Report which found that software developers downloaded more than 300 billion open source components in the past 12 months, ...
Today, Sonatype, the leader in automated open source governance and application security, and Micro Focus, creator of Fortify Application Security Portfolio, announced an expanded strategic ...
Today’s guest is Derek Weeks, VP and DevOps Advocate at Sonatype. The discussion today highlights what has happened to software development in the past ten years. Rather than taking a project and ...
On this podcast, Curtis Yanko, Technical Director, Alliances and Partners at Sonatype discusses how the Nexus Platform helps customers automate open source governance so they can build software the ...
In 2010, a 7.0-magnitude earthquake devastated Haiti. The quake killed an estimated 230,000 people and sparked a massive global assistance response. We all remember this tragedy. Yet, six weeks later, ...
The software world is being flooded with open source product. In fact, the federal government has an open-source-first policy. But maybe it's time to stop and think about sources of open source. Where ...
Multiple agencies across the U.S. government are paying closer attention to the software they are buying. More specifically, they want to know what open source and third party components were used to ...
What: The 2016 State of the Software Supply Chain report from Sonatype detailing the use of open source components in software.
Sonatype, the Nexus company and a continuous delivery leader, today announced that its Nexus repository manager usage has doubled in the last 18 months (July 2013 to February 2015.) With five times ...
Responsibility for secure open source software is, well, complicated. Some believe open source is more secure than proprietary software because, as Linus’s Law says, “Given enough eyeballs, ...
Sonatype, a software company that enables developers to easily build software applications while significantly reducing security, compliance, and licensing risks, today released a free Application ...



Nexus Auditor will allow you to monitor security vulnerabilities and third-party apps. Download this datasheet to learn how you can manage and protect against your open source risks.

Stop open source risks from the start. Learn how you can create and maintain open source policies and reduce risk with Nexus Firewall.

Nexus Lifecycle Foundation provides visibility into open source risk before it’s too late. Find out how you can provide the most advanced remediation guidance.

Nexus Responsibility Pro provides a central platform for build artifacts and saves you money. Click to find out how you can improve reliability fast.

Eliminate open source risk across the whole SDLC. Click to find out how you can save money and protect your open source choices, without having to reintegrate new technology.


Using open source libraries to build applications is a no-brainer, but always choosing the best open source libraries requires a helping hand. In this eBook, we’ll explore how to leverage the Nexus Platform so that you can improve security and implement high-quality, secure open source components.


LONDON – DevOps Enterprise Summit – June 25, 2019 – Sonatype today released its fifth annual State of the Software Supply Chain Report. This year’s report reveals the best practices exhibited by exemplary open source software projects and commercial application development teams. As in years past...

BOSTON - Red Hat Summit – May 7, 2019 - Sonatype, the inventors of software supply chain automation, announced new capabilities for Red Hat Quay enterprise container registry enabling modern organizations to automate and enforce open source governance policies in the containerized applications the...

Fulton, Md. – March 21, 2019 – Sonatype, the inventors of software supply chain management, today announced a partnership with HackerOne, the leading hacker-powered security platform, to create The Central Security Project (CSP). The first-of-its-kind program brings together the ethical hacker a...