Application Health Check

Start here. Create a 'bill of materials' inventory of your open source and proprietary components. Identify known vulnerabilities.

  • A free community service from Sonatype, Inc.
  • Trusted by 3500+ AppDev, DevOps, legal & security teams.
  • Confidentially and quickly analyze your java open source and third party components.
  • Create a "bill of materials" inventory of precisely which components are used and where.
  • Discover all component dependencies and known vulnerabilities or license risks.
  • Discover potential component quality concerns – such as restrictive GPL licenses and age.
  • Ideal for Cyber Supply Chain Act initiatives, or regulatory or compliance mandates.

Get Started. Be done in five minutes.

Windows download

.zip download - includes JRE
Checksums & Signatures: SHA1   ASC   MD5   ASC MD5

Mac download

.tgz download - includes JRE
Checksums & Signatures: SHA1   ASC   MD5   ASC MD5

Windows/Linux download

.jar download - requires JRE
Checksums & Signatures: SHA1   ASC   MD5   ASC MD5

Attention: Java version 1.7 or higher must be installed first in order to run this software. Safari users, please be sure your browser does not automatically unzip files. Windows users, please unzip and run the .exe file inside to run the application.

Six ways to use this tool.

Software 'Bill of Materials'

A complete inventory of components and dependencies in your applications.

Check your "OSS Policy"

See if your open source policy is actually working to prevent vulnerabilities.

Reduce technical/security debt

Reduce future unplanned work, break-fixes and context switching.

Search for newly announced vulnerabilities

About 50 new component vulnerabilities are found daily. Are your applications affected?

Comply with government or industry guidelines

Been told to avoid using known cyber vulnerabilities? See what you're using now.

Quality checks on outsourced development

Double-check the software quality from outsourced developers or Independent Software Vendors (ISV).

How does the Application Health Check work?

Watch the video.

Step One

Download the analysis tool to your desktop. Neither Sonatype, nor any other organization, will ever have access to your code.

Step Two

After installation, select a Java application (jar, war, ear file, etc.), then create a report name, username and password, and start the scan. Alternatively, you can scan a sample application first.

Step Three

Within minutes, a link to your summary report will be delivered to your email address. Use the username and password you defined to access your confidential report.

Step Four

Your summary report tells you the total number of components, and how many have known security vulnerabilities or restrictive licenses.

Step Five

If desired, you can request the full bill of materials report with a detailed list of components, including dependencies, and information regarding licenses, age, and known vulnerabilities.

Step Six

Use this Guide to your Application Health Check to understand the data in your analysis. Or contact us for further assistance.

Your analysis is quick to run and easy to review. See a sample.

  • Summary - Receive a high level summary of the number of components identified, as well as the number and severity of policy, security and license alerts for your components.
  • Security Details - Review and investigate any security vulnerabilities found in your application. See CVSS threat levels, link to the original CVSS, identify the group and the precise artifact and version.
  • License Details - Review and investigate any restrictive licenses found in your applications. License threats are sorted and color coded by severity. See the group, artifact and version.

See a full sample

Who is Sonatype?

Sonatype has a long history of accelerating open source usage. As the stewards of the Central Repository, the creators of the Apache Maven project and the distributors of the Nexus repository managers, Sonatype has supported the adoption of open source by more than 11 million developers worldwide.

Today, Nexus repository managers are preferred 5:1 over all other brands and Nexus Lifecycle has fast become the world-leading choice for robust software supply chain automation to keep known open source vulnerabilities and restrictive licenses out of today's software. Nexus Auditor automates the process of monitoring applications, updating the bill of materials and alerting stakeholders of newly discovered risk.

Sonatype is trusted and respected across the industry. Read about us.

 
