Sonatype is the leader in software supply chain automation technology with more than 300 employees, over 1,000 enterprise customers, and is trusted by more than 10 million software developers. Sonatype’s Nexus platform enables DevOps teams and developers to automatically integrate security at every stage of the modern development pipeline by combining in-depth component intelligence with real-time remediation guidance. For more information, please visit, or connect with us on Facebook, Twitter, or LinkedIn.

Nexus Lifecycle
Continuously remediate open source risk across your SDLC

  • Control: Define open source component policies by organization, team, and application type.
  • Automate: Automatically and contextually enforce policies across your entire DevOps pipeline.
  • Integrate: Continuously visualize component intelligence within your favorite tools (including Nexus and Artifactory).
  • Customize: Pair component intelligence with in-house apps using supported REST APIs.

Nexus Firewall
Stop risky open source components from entering the SDLC

  • Automatically block unwanted Java, JavaScript, PyPI, RubyGems, and RPM components from entering your software supply chain.
  • Improve application hygiene and protect repositories, including staging and release.
  • Automatically prevent risky components from entering your applications.

Nexus Auditor
Monitor production applications for OSS risk

  • Document the parts inside your software or COTS applications with a detailed software bill of materials.
  • Automatically pinpoint open source security vulnerabilities, license risk, and quality concerns.
  • Remediate risk in the blink of an eye and quickly identify components that violate your open source policies.
  • Receive notifications when unwanted components are identified in evaluated applications.
  • Contextually waive policy violations as appropriate.

Nexus Repository Manager
Expert flow control for binaries, build artifacts, and release candidates.

  • Manage components, build artifacts, and release candidates in one central location.
  • Understand component security, license, and quality issues.
  • Modernize software development with intelligent staging and release functionality.
  • Scale DevOps delivery with high availability and active/active clustering.
  • Sleep comfortably with world-class support and training.

Contract Name | Contract Number | Sector | State
SEWP V | Group A: NNG15SC07B; Group D: NNG15SC98B | Federal |