Product Information

Also, see our complete list of white papers.

Guide to the Sonatype Application Health Check

Gain visibility into the components used in an application and discover potential security, licensing, and quality problems. The Application Health Check Report generates a software bill of materials so you can quickly spot-check your applications and code from your suppliers, obtain an accurate view of their flaws or potential vulnerabilities, and immediately fix any issues.

Deliver Better, Safer Software Even Faster With Sonatype Software Supply Chain Solutions

Sonatype has been one of the key enablers of modern, component-based development over the last 15 years. Our team has been a driving force behind the creation and adoption of Maven, the Central Repository, the Nexus Repository Manager, and Nexus Lifecycle Management. With millions of developers relying on at least one of our innovations every day, Sonatype has established itself at the nexus of all things critical to today’s continuous software delivery.

Nexus Repository Management and Nexus Lifecycle for Operations

Discover how IT Operations teams can benefit from a Nexus Repository Manager or Nexus Lifecycle in their organization. Special emphasis is given to open source and third-party components, which form the software supply chain 'parts' used in the majority of your applications.

eBook: Hidden Speed Bumps on the Road to 'Continuous'

As a companion piece for our '2015 State of the Software Supply Chain Report', this ebook explores the hidden complexities in modern software development by drawing analogies to a traditional supply chain. This is a real eye-opener for anyone who cares about development speed, efficiency and quality.

Product Overview: Nexus Auditor

Use Nexus Auditor to quickly and precisely identify security, license and quality risk across your applications.

Product Overview: Nexus Lifecycle

Nexus Lifecycle improves the visibility and control of your component-based development by analyzing the content of your application builds and automatically controlling the release process using security, licensing and quality criteria.

Product Overview: Nexus Repository Management

The use of repository managers, also known as component managers, is helping software development teams achieve significant gains in speed, efficiency, and quality. Learn how Nexus OSS, Nexus Pro and Nexus Lifecycle, the de facto industry standard, are used to organize artifacts, improve collaboration across teams, and source the highest quality components for use in applications.

Booklet: Raise the B.A.R.R. on Open Source Components. Ban Avoidable Risk & Rework

Open source is at the center of today's software and is essential for innovation and efficiency. But is all open source a safe source?

More than 58 million known vulnerable components were downloaded in the past year -- even when safer versions are available. It's no surprise that a recent survey revealed that 33% of organizations had or suspected an open source-related breach.

Why build known vulnerabilities into your software, then spend even more time to get them back out? This booklet describes the six most Common Vulnerability Types (CVTs), ways to avoid open source risk and a free tool you can use to create a "bill of materials" of all the components in an application and identify known security, license and quality risks.

What does sour milk have to do with application safety and security? This intriguing storybook describes the new world of assembled development using open source and third party components, many of which are used long past their "freshness" date. For example, last year more than 51 million vulnerable open source components were downloaded for use in today's applications. And 33% of developers report a breach in an open source component. The good news is that the solution to this avoidable risk is amazingly simple.

Here's a quick one-page summary of the five reasons Sonatype CLM is the global leader in open source risk management, including identifying components, early remediation, policy automation, management dashboards and continuous monitoring.

If your organization develops applications, you're probably using third party software components. In fact, research shows that 90% of an average application is assembled with components instead of source code, the majority of which are open source software downloaded from public repositories, such as the (Maven) Central Repository.
Also available in ePub format!

A true story of how Development and Security came together to fix the risk in open source. See how the story ends!

Free Assessments: Assess Your Current Risk With Your Choice of Three Free Reports

Sonatype offers three free ways to assess your component risk, including a Snapshot of what’s been downloaded, a view of components in your repository and an assessment of existing vulnerabilities in your applications.

Product Tour: Component Lifecycle Management (CLM)

Reduce risk in your critical applications by managing the software supply chain. Sonatype CLM provides the support needed by the development, security, operations and legal/compliance teams.

Product Tour: Nexus Pro Repository Manager

Reduce build times, improve collaboration and enhance control of your component-based development efforts.

Product Overview: From Nexus to Component Lifecycle Management

This product overview is a great resource for any current Nexus or Nexus Pro user interested in expanding their repository strategy to include full governance with Component Lifecycle Management (CLM).

Product Overview: Ten Reasons to Go Pro (Nexus Pro)

Can’t decide between Nexus Open Source and Sonatype Nexus Professional (Nexus Pro)? Learn key differences between Nexus OSS and Nexus Pro, including ten key factors to consider.

Free Trial: Nexus Pro

Three steps and five minutes is all it takes to start a 14-day free trial of Nexus Pro, the world’s leading repository manager.

Knowledge Base: Configure Maven to Deploy to Nexus

To configure a Maven project to publish artifacts to Nexus, you'll need to add a distribution management element to your project's pom.xml. Learn more in this step-by-step guide.

Knowledge Base: Configure Maven to Download from Nexus

If you are adopting Nexus for internal development, you should configure a single Nexus group which contains both releases and snapshots. Learn more in this step-by-step guide.