What We Learned from Studying 36,000 OSS Projects | Press Release

Secure your GitHub projects with


Automatically identify vulnerabilities within open source dependencies.

 


Sonatype + GitHub = Secure Open Source


Powered by Sonatype OSS Index.
Free for public and private repos.


Continuously monitors projects and auto-creates issues for security vulnerabilities.


Available for Apache Maven, Node.js npm, and Go projects.

View a list of known security vulnerabilities within GitHub’s Issue Tracker.


Click on an issue to view vulnerability details, including CVE and CVSS.
Determine vulnerable version ranges on each vulnerability.

What’s the Difference Between DepShield and Nexus?


 

DepShield is Powered by Sonatype OSS Index

Sonatype DepShield is powered by Sonatype OSS Index, which is based on vulnerability data derived from public sources and does not include human-curated intelligence or expert remediation guidance. Software development teams with requirements for fully automated open source governance powered by precise, curated, and actionable intelligence should investigate the Nexus Platform.

Stop bad parts at the front door.


Continuously analyze quality and security.


Organize, store, and distribute parts.


Ready to Try Nexus Products?

Sonatype, A Better Way to Build