Sonatype Delivers Premium Open Source Controls to GitHub | Press Release


Instrumentation and process automation software leverages the Nexus Platform

Endress-Hauser and the Nexus Platform



  • Unmonitored open source library downloads
  • Manual selection and tracking process for open source usage
  • Inability to track and monitor deployed components


  • Nexus Lifecycle
  • Bamboo with Maven
  • JIRA
  • HP Fortify
  • SonarQube


  • Automated analysis of open source libraries for security vulnerabilities
  • Continuous monitoring of open source libraries for new security
  • Overview of all used open source libraries and versions
  • Ability to track and monitor deployed components

"We evaluated Black Duck, Veracode and Nexus Lifecycle. My colleagues and I chose Nexus Lifecycle because it is the best solution for what we are trying to do: remove all critical findings before they reach production."

Lars Brößler, Senior Software Developer