

Nexus Intelligence

Everything you need to know about open source


Explore the Nexus Difference

Component Identification

Nexus Intelligence: Advanced Binary Fingerprinting (ABF) precisely identifies components via cryptographic hash, structural similarity, derived coordinate, and file name.

Competitors: Identify components using file name and/or package manifest, which contributes to false positives and false negatives.

Remediation Data

Nexus Intelligence: Our Automated Vulnerability Detection (AVD) engine runs 24x7x365 and combines with 65 human security experts to monitor public, private, and crowd data for new open source vulns. New critical vulns are itemized, associated to component versions, and published with dev-friendly and actionable remediation guidance within 6 hours.

Competitors: Monitor public data sources for new vulns and only identify a portion of risk as it emerges. Resource-constrained teams perform limited research on new vulns, leading to inadequate remediation guidance.

Security Data

Nexus Intelligence: Premier source of open source risk and developer-friendly remediation guidance consists of:

  • 4M Unique vulns

  • 1.4M Sonatype identified

  • 3% Public data (ex. NVD)

  • 97% Proprietary data

Competitors: Commodity sources of open source risk with limited remediation guidance.

Component Data

Nexus Intelligence: Operates at enormous scale with highly curated intelligence on:

  • 2M Unique Projects

  • 31M Components

  • 8B Files

  • 97% of GitHub Commits

  • All Major Ecosystems

Competitors: Operate at smaller scale with partially curated intelligence.

Architecture Data

Nexus Intelligence: Offers empirical perspective on open source project hygiene and architectural concerns, including:

  • Popularity

  • Age

  • Release history

  • Usage patterns

Competitors: Offer limited to no insight.

Crowd Data

Nexus Intelligence: Informed by opt-in and anonymized data aggregated from 1.5m developers and 180,000 instances of Nexus Repository Manager, generating deeper insights into developer patterns and organizational practices.

Competitors: Blind

License Data

Nexus Intelligence: Deep licensing visibility including:

  • 211K Weak-Copyleft

  • 859K Copyleft

  • 177K Banned

  • 1.6M Non-Standard

  • 42K Commercial

  • 17M Liberal

Competitors: Adequate licensing visibility.



The Nexus Platform
Powered by Superior Intelligence

Automatically enforce open source policy early, everywhere, at scale. Empower your development teams to release faster and control risk.



Confidently quarantine bad parts from entering your software supply chain.



Automate open source governance at scale with precise and actionable intelligence.



Analyze the quality of components inside your parts warehouse.
