  • Booklet: Raise the B.A.R.R. on Open Source Components. Ban Avoidable Risk & Rework

    Open source is at the center of today's software and is essential for innovation and efficiency. But is all open source a safe source?

    More than 58 million known vulnerable components were downloaded in the past year -- even when safer versions are available. It's no surprise that a recent survey revealed that 33% of organizations had or suspected an open source-related breach.

    Why build known vulnerabilities into your software, then spend even more time to get them back out? This booklet describes the six most Common Vulnerability Types (CVTs), ways to avoid open source risk and a free tool you can use to create a "bill of materials" of all the components in an application and identify known security, license and quality risks.

  • Product Overview: Nexus Repository Management

    The use of repository managers—also known as component managers—is helping software development teams achieve significant gains in speed, efficiency, and quality. Learn how Nexus OSS, Nexus Pro and Nexus Pro CLM Edition, the de facto industry standard, are used to organize artifacts, improve collaboration across teams, and source the highest quality components for use in applications.

  • The RANT: Don't Drink Sour Milk, and other Avoidable Risks in the New World of Application Security

    What does sour milk have to do with application safety and security? This intriguing storybook describes the new world of assembled development using open source and third party components, many of which are used long past their "freshness" date. For example, last year more than 51 million vulnerable open source components were downloaded for use in today's applications. And 33% of developers report a breach in an open source component. The good news is that the solution to this avoidable risk is amazingly simple.

  • Sonatype CLM Key Capabilities: Five Reasons Organizations Choose Sonatype Component Lifecycle Management (CLM)

    Here's a quick one page summary of the five reasons Sonatype CLM is the global leader in open source risk management, including identifying components, early remediation, policy automation, management dashboards and continuous monitoring.

  • Executive Brief: We Make It Easy To Build Trusted Software and Keep It That Way Over Time

    If your organization develops applications, you're probably using third party software components. In fact, research shows that 90% of an average application is assembled with components instead of source code, the majority of which are open source software downloaded from public repositories, such as the (Maven) Central Repository.

  • eBook: The Sonatype Story. Go Fast. Be Secure.
    Also available in ePub format!

    A true story of how Development and Security came together to fix the risk in open source. See how the story ends!

  • Free Assessments: Assess Your Current Risk With Your Choice of Three Free Reports

    Sonatype offers three free ways to assess your component risk, including a Snapshot of what’s been downloaded, a view of components in your repository and an assessment of existing vulnerabilities in your applications.

  • Product Tour: Component Lifecycle Management (CLM)

    Reduce risk in your critical applications by managing the software supply chain. Sonatype CLM provides the support needed by the development, security, operations and legal/compliance teams.

  • Product Tour: Nexus Pro Repository Manager

    Reduce build times, improve collaboration and enhance control of your component-based development efforts.

  • Product Overview: CLM for Risk

    Use Component Lifecycle Management (CLM) for Risk to quickly and precisely identify security, license and quality risk across your applications.

  • Product Overview: From Nexus to Component Lifecycle Management

    This product overview is a great resource for any current Nexus or Nexus Pro user interested in expanding their repository strategy to include full governance with Component Lifecycle Management (CLM).

  • Product Overview: Nexus Pro CLM Edition

    Nexus Pro CLM Edition improves the visibility and control of your component-based development by analyzing the content of your application builds and automatically controlling the release process using security, licensing and quality criteria.

  • Product Overview: Ten Reasons to Go Pro (Nexus Pro)

    Can’t decide between Nexus Open Source and Sonatype Nexus Professional (Nexus Pro)? Learn key differences between Nexus OSS and Nexus Pro, including ten key factors to consider.

  • Free Trial: Nexus Pro

    Three steps and five minutes is all it takes to start a 14-day free trial of Nexus Pro, the world’s leading repository manager.

  • Knowledge Base: Configure Maven to Deploy to Nexus

    To configure a Maven project to publish artifacts to Nexus, you'll need to add a distribution management element to your project's pom.xml. Learn more in this step-by-step guide.

  • Knowledge Base: Configure Maven to Download from Nexus

    If you are adopting Nexus for internal development you should configure a single Nexus group which contains both releases and snapshots. Learn more in this step-by-step guide.