Getting Started with Sonatype

Your Trusted Partner for Open Source Governance, Management and Compliance

Does your organization develop applications? Then you are probably using third-party software components - whether you realize it or not - and you've come to the right place. In fact, research shows that 90% of an average application is assembled from third-party components rather than written from scratch, and the majority of those components are open source software downloaded from public repositories such as the (Maven) Central Repository.

Open source now comprises 90% of most applications

Open source has clearly fueled a lot of innovation in recent years; however, open source usage can be hard to manage and can also expose your organization to unnecessary risk.

Sonatype’s mission is to accelerate open source usage while reducing risk

Sonatype makes it easy to build secure applications – and keep them secure over time. As your trusted partner for open source governance, management and compliance, Sonatype helps you leverage all of the benefits of open source – while minimizing potential risk associated with security, licensing and quality issues.

Our unique approach is designed to work in the real-world

To ensure our products work in the “real world,” Sonatype products focus on empowering developers to naturally and easily avoid components with known vulnerabilities. As a result, you avoid approaches that end up slowing developers down, while vastly improving your ability to avoid the types of security, license and quality risks that make headlines every week.

Sonatype Products At-A-Glance
Product Options

Nexus Repository Managers enable development teams to enjoy the benefits of agile component-based development in a streamlined and structured environment.

Nexus OSS

A basic repository manager that improves developer productivity by reducing build times, providing a central location to store, manage and share components across developers and teams, and offering the ability to observe, manage and govern components using a repository-centric model.

Nexus Pro

An enterprise-class repository manager with enhanced features and support, including:
  • Greater visibility into the components in your repository
  • Proxy-based architecture to store, share and manage components across the enterprise
  • Ability to secure the contents of your repository with access controls and secure connectivity
  • Ability to expand support beyond Java to .NET

Nexus Pro CLM Edition

An upgrade to the Nexus Pro repository manager that governs component usage in your build and release process. It augments Nexus Pro staging and promotion support with policies that ensure applications meet security, licensing and architecture standards before they advance through the release management process.

Component Lifecycle Management provides a new way to identify, manage and monitor every component and its dependencies throughout the software lifecycle. CLM enables organizations to realize the promise of agile, component-based software development while avoiding security, quality and licensing risks.

Sonatype CLM for Risk

A Component Lifecycle Management (CLM) solution that helps you quickly and proactively identify the component security, licensing and architecture risk of your current applications, especially applications that are already in production. It lets you:
  • Create a full "bill of materials" (BOM) for every application and a consolidated inventory of all components used across all applications
  • Identify and visualize overall security, license and quality risk at both the component level and the application level
  • Continuously and automatically monitor for new risks or a change in existing risk level, with risk alerts and an inventory of precisely which applications are at risk

Sonatype CLM for Risk & Remediation

A complete Component Lifecycle Management (CLM) solution to achieve comprehensive and lasting governance across the entire software lifecycle. Includes Nexus Pro and CLM for Risk, plus the ability to:
  • Find and fix risky components early in the development process using the tools developers use every day
  • Centralize, automate and enforce policies to ensure license and security risks are managed throughout the software lifecycle
  • Precisely identify and track all components used in your organization, from consumption to production
  • Truly achieve defense-in-depth by enforcing policy across multiple points throughout the entire software development lifecycle
  • Streamline DevOps efforts with release management policies
  • Manage a complete component inventory in development & production applications
  • Proactively and continuously monitor applications for new vulnerabilities to ensure sustained trust