
What We Learned from Studying 36,000 OSS Projects | Press Release

Secure your GitHub projects with DepShield

Automatically identify vulnerabilities within open source dependencies.

 


Sonatype + GitHub = Secure Open Source

Powered by Sonatype OSS Index. Free for public and private repos.
Continuously monitors projects and auto-creates issues for security vulnerabilities.
Available for Apache Maven, Node.js npm, and Go projects.
View a list of known security vulnerabilities within GitHub’s Issue Tracker.

Click on an issue to view vulnerability details including CVE and CVSS.

Determine vulnerable version ranges for each vulnerability.

What's the difference between DepShield and Nexus?


DepShield is powered by Sonatype OSS Index

Sonatype DepShield is powered by Sonatype OSS Index, which is based on vulnerability data derived from public sources and does not include human-curated intelligence or expert remediation guidance. Software development teams that require fully automated open source governance powered by precise, curated, and actionable intelligence should investigate the Nexus Platform.

Nexus Firewall
Stop bad parts at the front door.


Nexus Lifecycle
Continuously analyze quality and security.


Nexus Repository
Organize, store, and distribute parts.


Ready to Try Nexus Products?

Sonatype, A Better Way to Build