
Overview

Sonatype helps government agencies build better software, faster. More than 10 million software developers rely on Sonatype to innovate faster while mitigating security risks inherent in open source. Sonatype’s Nexus platform combines in-depth component intelligence with real-time remediation guidance to automate and scale open source governance across every stage of the modern DevOps pipeline.

Products

  • Nexus Lifecycle

    Continuously remediate open source risk across your SDLC

    • Control: Define open source component policies by organization, team, and application type.
    • Automate: Automatically and contextually enforce policies across your entire DevOps pipeline.
    • Integrate: Continuously visualize component intelligence within your favorite tools (including Nexus and Artifactory).
    • Customize: Pair component intelligence with in-house apps using supported REST APIs.
  • Nexus Firewall

    Stop risky open source components from entering the SDLC

    • Automatically block unwanted Java, JavaScript, .Net, PyPi, RubyGems, and RPM components from entering your software supply chain.
    • Improve application hygiene and protect repositories, including staging and release.
    • Automatically prevent risky components from entering your applications.
  • Nexus Auditor

    Monitor production applications for OSS risk

    • Document the parts inside your software or COTS applications with a detailed bill of materials.
    • Automatically pinpoint open source security vulnerabilities, license risk, and quality concerns.
    • Remediate risk in the blink of an eye and gain first mover advantage.
    • Send notifications when unwanted components are identified in evaluated applications.
    • Contextually waive policy violations as appropriate.
  • Nexus Repository

    Expert flow control for binaries, build artifacts, and release candidates.

    • Manage components, build artifacts, and release candidates in one central location.
    • Understand component security, license, and quality issues.
    • Modernize software development with intelligent staging and release functionality.
    • Scale DevOps delivery with high availability and active/active clustering.
    • Sleep comfortably with world-class support and training.

Contracts

Federal

  • GSA Schedule 70: GS-35F-0119Y, Dec 20, 2011 - Dec 19, 2021
  • SEWP V: NNG15SC03B/NNG15SC27B, May 01, 2015 - Apr 30, 2025

State and Local

  • CMAS: 3-12-70-2247E, Aug 28, 2012 - Mar 31, 2022
  • City of Seattle Contract: 0000003265, Jul 11, 2014 - Dec 19, 2021
  • Department of General Services PA - Symantec: 4400004253, May 01, 2009 - Dec 19, 2021
  • Pennsylvania COSTARS-6 IT Software Contract: COSTARS-006-176, Aug 31, 2017 - Aug 31, 2021
  • State of Indiana Contract: 0000000000000000000021430, Aug 01, 2017 - Jul 31, 2021
  • State of New Mexico Contract: 80-000-18-00002, Aug 01, 2017 - Aug 01, 2021
  • Texas DIR-TSO-3854: DIR-TSO-3854, May 25, 2017 - May 25, 2021

Education

  • Massachusetts Higher Education Consortium (MHEC): MC15-04, Aug 10, 2019 - Jun 30, 2022
  • VASCUPP: UVA1482501, May 02, 2014 - Dec 19, 2021

Events

Past Events

  • ATARC DevOps Summit - March 12, 2019
  • AFCEA Spring Intelligence Symposium - March 19-20, 2019
  • ATARC Federal RSA - March 26, 2019
  • International Conference on Cyber Engagement - April 23, 2019
  • GDIT Emerge 2019 - April 23, 2019

Archived Events

News

Latest News

  • Sonatype released a commissioned study of organizations using the Nexus Platform, covering their ROI and increased profits.
    January 29, 2019
  • Sonatype, the Nexus company and a continuous delivery leader, today announced that Equifax Inc. has selected Sonatype’s Nexus platform to manage and monitor its application ...
  • Sonatype, the leader in automated open source governance, announced it has been recognized as one of five “large” SCA Specialists in Forrester Research’s new Now Tech: Software Composition ...
  • All Day DevOps and Sonatype partnered to host the largest conference of high-quality educational content on DevOps, reaching more than 1 million IT professionals.
  • Sonatype today released its fourth annual State of the Software Supply Chain Report, which found that software developers downloaded more than 300 billion open source components in the past 12 months, ...
  • Today, Sonatype, the leader in automated open source governance and application security, and Micro Focus, creator of the Fortify Application Security Portfolio, announced an expanded strategic ...
  • Today’s guest is Derek Weeks, VP and DevOps Advocate at Sonatype. The discussion today highlights what has happened to software development in the past ten years. Rather than taking a project and ...
  • On this podcast, Curtis Yanko, Technical Director, Alliances and Partners at Sonatype, discusses how the Nexus Platform helps customers automate open source governance so they can build software the ...
  • In 2010, a 7.0-magnitude earthquake devastated Haiti. The quake killed an estimated 230,000 people and sparked a massive global assistance response. We all remember this tragedy. Yet, six weeks later, ...
  • The software world is being flooded with open source product. In fact, the federal government has an open-source-first policy. But maybe it's time to stop and think about sources of open source. Where ...
  • Multiple agencies across the U.S. government are paying closer attention to the software they are buying. More specifically, they want to know what open source and third-party components were used to ...
  • What: The 2016 State of the Software Supply Chain report from Sonatype, detailing the use of open source components in software.
  • Sonatype, the Nexus company and a continuous delivery leader, today announced that its Nexus repository manager usage has doubled in the last 18 months (July 2013 to February 2015). With five times ...
  • Responsibility for secure open source software is, well, complicated. Some believe open source is more secure than proprietary software because, as Linus’s Law says, “Given enough eyeballs, ...
  • Sonatype, a software company that enables developers to easily build software applications while significantly reducing security, compliance, and licensing risks, today released a free Application ...

Resources


As consumers increasingly expect organizations to offer expanded value and experiences through software applications, businesses must ensure that they are providing not only a differentiated user-friendly experience but a secure one too.

Read about why scaling DevOps through open source governance and software supply chain automation matters for agencies. This survey report highlights successful DevSecOps and secure coding practices, and covers trends in government.

Read the 2020 State of the Software Supply Chain Report to learn about protecting software supply chains and strengthening the foundations of open source.

Solutions Brief

Sonatype exists to unite software developers, security professionals, and IT operations. We empower them to continuously identify and remediate open source risk, without slowing down innovation.

Whitepaper

By automating RMF security objectives, agencies can operate at the speed of mission and significantly accelerate system delivery and continuous security. Read this whitepaper and learn how to: Maximize automation to help your RMF practices scale, respond, and adjust quickly to application threats. Res...

Take steps to integrate and automate security across the development life-cycle to secure your agency software.

Precise intelligence is critical when using open source components. In today’s world, understanding what’s in your supply chain is critical to national security.