Sonatype helps government agencies build better software, faster. Like a supply chain, applications are built by assembling open source and third party components from a wide variety of public and proprietary sources. While assembling software from existing components is faster and more efficient than custom coding every feature, the flow of components into and through an organization introduces complexity and potential risk, breaches and rework.

By eliminating unnecessary complexity, inefficiency, rework and manual effort across the software life cycle, organizations accelerate development while also increasing efficiency and quality.


  • Nexus Lifecycle
    Get precise intelligence about open source components throughout your entire software supply chain.
    • Create and customize a range of automated policies to deal with unwanted open source components.
    • Set rules for component usage by organization, team, and application.
    • Integrate directly into development tools like Eclipse, IntelliJ, Jenkins, Bamboo, SonarQube and many more.
  • Nexus Firewall
    Automatically stop risky components from entering your software supply chain.
    • Instantly see every open source component flowing into your organization.
    • Stop, analyze, and selectively admit components.
    • Define and enforce policies for open source component usage.
    • Keep production apps safe from risky components.
  • Nexus Auditor
    Know immediately the quality and risk associated with the open source components used in your applications.
    • Launch on-demand evaluations via an intuitive user interface or directly from the command line.
    • Get detailed evaluation reports that have been vetted by Sonatype experts and pinpointed down to the component and any transitive dependencies.
    • Continuously monitor applications in production.
  • Nexus Repository Pro
    The enterprise-grade solution for managing, organizing and distributing software components.
    • Get a detailed list of security vulnerabilities and license compliance issues for any open source components found inside your repositories.
    • Give distributed teams the speed and efficiency of an intelligent component warehouse.
    • The most reliable, highly available source for all open source components.
    • Includes enterprise support and access to an expert support team.


GSA Schedule Contracts

GSA Schedule 70
GSA Schedule No.: GS-35F-0119Y
Term: December 20, 2011 - December 19, 2021

SEWP Contracts

Contract Number: Group A Small: NNG15SC03B; Group D Other Than Small: NNG15SC27B
Term: May 1, 2015 - April 30, 2020


Latest News

Today’s guest is Derek Weeks, VP and DevOps Advocate at Sonatype. The discussion today highlights what has happened to software development in the past ten years. Rather than taking a project and ...
On this podcast, Curtis Yanko, Technical Director, Alliances and Partners at Sonatype discusses how the Nexus Platform helps customers automate open source governance so they can build software the ...
In 2010, a 7.0-magnitude earthquake devastated Haiti. The quake killed an estimated 230,000 people and sparked a massive global assistance response. We all remember this tragedy. Yet, six weeks later, ...
The software world is being flooded with open source product. In fact, the federal government has an open-source-first policy. But maybe it's time to stop and think about sources of open source. Where ...
Multiple agencies across the U.S. government are paying closer attention to the software they are buying. More specifically, they want to know what open source and third party components were used to ...
What: The 2016 State of the Software Supply Chain report from Sonatype detailing the use of open source components in software.
Sonatype, the Nexus company and a continuous delivery leader, today announced that its Nexus repository manager usage has doubled in the last 18 months (July 2013 to February 2015). With five times ...
Responsibility for secure open source software is, well, complicated. Some believe open source is more secure than proprietary software because, as Linus’s Law says, “Given enough eyeballs, ...
Sonatype, a software company that enables developers to easily build software applications while significantly reducing security, compliance, and licensing risks, today released a free Application ...
Learn how Nexus Lifecycle gives you full control over your software supply chain and allows you to define rules, actions, and policies that work best for your organization and teams.

At the heart of Nexus Firewall is the IQ Server, which provides fully-customizable policy management for identifying and protecting your repositories, as well as detailed intelligence regarding each and every component it finds. Learn more about how the Nexus Firewall allows you to set and automate ...


For government development teams operating inside private networks, the NDE provides a local copy of the Central Repository combined with continuous component intelligence to eliminate security vulnerabilities and ensure government applications consist of only the highest quality open source compone...

Software developers use open source and third party components to be more competitive and speed time to innovation. Because of this, open source usage is massive and it's growing. Over 7,000 new projects and 70,000 open source components (versions) are released each week and in 2016 alone, there wer...

Information security architects must integrate security at multiple points into DevOps workflows in a collaborative way that is largely transparent to developers, and preserves the teamwork, agility and speed of DevOps and agile development environments, delivering "DevSecOps."

Sonatype Component Fabric: To meet the demands of modern software development, Sonatype created a new version of Nexus Repository Manager, this time with integrated high availability, powered by a new technology we like to call Component Fabric.

Nexus Repository Pro is powered by Repository Manager, the same technology found in our OSS version with more than 100,000 installations world-wide.

We help Federal agencies accelerate software innovation and automatically control risk.


Gartner report states: Make OSS software module identification, configuration and vulnerability scanning a priority in 2016 and 2017. Traditional static application security testing (SAST) and dynamic application security testing (DAST) are too heavyweight, complex and won't work or scale for DevSecO...