
Overview

Sonatype helps government agencies build better software, faster. More than 10 million software developers rely on Sonatype to innovate faster while mitigating security risks inherent in open source. Sonatype’s Nexus platform combines in-depth component intelligence with real-time remediation guidance to automate and scale open source governance across every stage of the modern DevOps pipeline.

Products

  • Nexus Lifecycle

    Continuously remediate open source risk across your SDLC

    • Control: Define open source component policies by organization, team, and application type.
    • Automate: Automatically and contextually enforce policies across your entire DevOps pipeline.
    • Integrate: Continuously visualize component intelligence within your favorite tools (including Nexus and Artifactory).
    • Customize: Pair component intelligence with in-house apps using supported REST APIs.
  • Nexus Firewall

    Stop risky open source components from entering the SDLC

    • Automatically block unwanted Java, JavaScript, .NET, PyPI, RubyGems, and RPM components from entering your software supply chain.
    • Improve application hygiene and protect repositories, including staging and release.
    • Automatically prevent risky components from entering your applications.
  • Nexus Auditor

    Monitor production applications for OSS risk

    • Document the parts inside your software or COTS applications with a detailed bill of materials.
    • Automatically pinpoint open source security vulnerabilities, license risk, and quality concerns.
    • Remediate risk in the blink of an eye and gain first-mover advantage.
    • Send notifications when unwanted components are identified in evaluated applications.
    • Contextually waive policy violations as appropriate.
  • Nexus Repository

    Expert flow control for binaries, build artifacts, and release candidates.

    • Manage components, build artifacts, and release candidates in one central location.
    • Understand component security, license, and quality issues.
    • Modernize software development with intelligent staging and release functionality.
    • Scale DevOps delivery with high availability and active/active clustering.
    • Sleep comfortably with world-class support and training.

Contracts

Federal

GSA Schedule 70

GS-35F-0119Y
Dec 20, 2011 - Dec 19, 2016

SEWP V

NNG15SC03B/NNG15SC27B
May 01, 2015 - Apr 30, 2020

State and Local

CMAS

3-12-70-2247E
Aug 28, 2012 - Dec 19, 2016

City of Seattle Contract

0000003265
Jul 11, 2014 - Dec 19, 2016

Department of General Services PA - Symantec

4400004253
May 01, 2009 - Jun 17, 2017

Pennsylvania COSTARS-6 IT Software Contract

COSTARS-006-176
Aug 31, 2017 - Aug 31, 2019

State of Indiana Contract

0000000000000000000021430
Aug 01, 2017 - Jul 31, 2019

State of New Mexico Contract

80-000-18-00002
Aug 01, 2017 - Aug 01, 2021

Texas DIR-TSO-3854

DIR-TSO-3854
May 25, 2017 - May 25, 2018

Education

Massachusetts Higher Education Consortium (MHEC)

MC15-04
Aug 10, 2019 - Jun 30, 2022
*Additional option years available

VASCUPP

UVA1482501
May 02, 2014 - Dec 19, 2016

Events

Past Events

ATARC DevOps Summit - March 12, 2019

AFCEA Spring Intelligence Symposium - March 19-20, 2019

ATARC Federal RSA - March 26, 2019

International Conference on Cyber Engagement - April 23, 2019

GDIT Emerge 2019 - April 23, 2019

Archived Events

News

Latest News

Sonatype released a commissioned research study of organizations using the Nexus Platform, covering their ROI and increased profits.
January 29, 2019
Sonatype, the Nexus company and a continuous delivery leader, today announced that Equifax Inc. has selected Sonatype’s Nexus platform to manage and monitor its application ...
Sonatype, the leader in automated open source governance, announced it has been recognized as one of five “large” SCA Specialists in Forrester Research’s new Now Tech: Software Composition ...
All Day DevOps and Sonatype partnered to host the largest conference of high quality educational content to more than 1 million IT professionals to focus on DevOps.
Sonatype today released its fourth annual State of the Software Supply Chain Report which found that software developers downloaded more than 300 billion open source components in the past 12 months, ...
Today, Sonatype, the leader in automated open source governance and application security, and Micro Focus, creator of Fortify Application Security Portfolio, announced an expanded strategic ...
Today’s guest is Derek Weeks, VP and DevOps Advocate at Sonatype. The discussion today highlights what has happened to software development in the past ten years. Rather than taking a project and ...
On this podcast, Curtis Yanko, Technical Director, Alliances and Partners at Sonatype discusses how the Nexus Platform helps customers automate open source governance so they can build software the ...
In 2010, a 7.0-magnitude earthquake devastated Haiti. The quake killed an estimated 230,000 people and sparked a massive global assistance response. We all remember this tragedy. Yet, six weeks later, ...
The software world is being flooded with open source product. In fact, the federal government has an open-source-first policy. But maybe it's time to stop and think about sources of open source. Where ...
Multiple agencies across the U.S. government are paying closer attention to the software they are buying. More specifically, they want to know what open source and third party components were used to ...
What: The 2016 State of the Software Supply Chain report from Sonatype detailing the use of open source components in software.
Sonatype, the Nexus company and a continuous delivery leader, today announced that its Nexus repository manager usage has doubled in the last 18 months (July 2013 to February 2015.) With five times ...
Responsibility for secure open source software is, well, complicated. Some believe open source is more secure than proprietary software because, as Linus’s Law says, “Given enough eyeballs, ...
Sonatype, a software company that enables developers to easily build software applications while significantly reducing security, compliance, and licensing risks, today released a free Application ...

Resources

Datasheet

Nexus Auditor lets you monitor security vulnerabilities and third-party apps. Download this datasheet to learn how you can manage and protect against your open source risks.

Stop open source risks from the start. Learn how you can create and maintain open source policies and reduce risk with Nexus Firewall.

Nexus Lifecycle Foundation provides visibility into open source risk before it's too late. Find out how you can provide the most advanced remediation guidance.

Nexus Responsibility Pro provides a central platform to build artifacts and saves you money. Click to find how you can improve reliability fast.

Eliminate open source risk across the whole SDLC. Click to find out how you can save money and protect your open source choices without having to integrate new technology.

E-Book

Using open source libraries to build applications is a no-brainer, but always choosing the best open source libraries requires a helping hand. In this eBook, we'll explore how to leverage the Nexus Platform so that you can improve security and adopt high-quality, secure open source components.

Resources

LONDON - DevOps Enterprise Summit - June 25, 2019 - Sonatype today released its fifth annual State of the Software Supply Chain Report. This year's report reveals the best practices exhibited by exemplary open source software projects and commercial application development teams. As in years past...

BOSTON - Red Hat Summit - May 7, 2019 - Sonatype, the inventors of software supply chain automation, announced new capabilities for the Red Hat Quay enterprise container registry, enabling modern organizations to automate and enforce open source governance policies in the containerized applications the...

Fulton, Md. - March 21, 2019 - Sonatype, the inventors of software supply chain management, today announced a partnership with HackerOne, the leading hacker-powered security platform, to create The Central Security Project (CSP). The first-of-its-kind program brings together the ethical hacker a...