
What We Learned from Studying 36,000 OSS Projects | Press Release

Secure your GitHub projects with


Automatically identify vulnerabilities within open source dependencies.



Sonatype + GitHub = Secure Open Source

Powered by Sonatype OSS Index. Free for public and private repos.
Continuously monitors projects and auto-creates issues for security vulnerabilities.
Available for Apache Maven, Node.js npm, and Go projects.
View a list of known security vulnerabilities within GitHub’s Issue Tracker.


Click on an issue to view vulnerability details, including CVE and CVSS.

Determine vulnerable version ranges on each vulnerability.

What's the difference between DepShield and Nexus?


DepShield is powered by Sonatype OSS Index

Sonatype DepShield is powered by Sonatype OSS Index, which is based on vulnerability data derived from public sources and does not include human-curated intelligence or expert remediation guidance. Software development teams with requirements for fully automated open source governance powered by precise, curated, and actionable intelligence should investigate the Nexus Platform.

Nexus Firewall
Stop bad parts at the front door.


Nexus Lifecycle
Continuously analyze quality and security.


Nexus Repository
Organize, store, and distribute parts.


Ready to Try Nexus Products?

Sonatype, A Better Way to Build