Nexus accurately identifies 99% of open source components. Competitors accurately identify only 15% and overwhelm teams with false positives and negatives. Sonatype's precise identification is powered by our patented Advanced Binary Fingerprinting (ABF) which matches components by Cryptographic Hash, Structural Similarity, Derived Coordinate, and File Name. Depending on the ecosystem, Nexus utilizes one or more methods to precisely identify each and every open source component.
30,000 new packages analyzed every day.
Nexus uses proprietary machine learning and artificial intelligence to analyze more than 25 million components from millions of open source projects in real time. We analyze every single GitHub event for every open source project every day. We monitor advisory websites, Google search alerts, NVD, OSS Index, vulnerability sites, etc. We gain insight from 150,000 organizations using the Nexus Repository and we're constantly learning from the billions of downloads from the Central Repository.
811,200 hours of research by security experts.
Sonatype began researching open source security vulnerabilities and license risk in 2011. Since then, our research team has grown to 65 experts worldwide. This incredible team analyzes open source security vulnerabilities all day, every day. We do the heavy lifting so you and your developers don't have to.
Reduce MTTR from 6 weeks to 6 seconds.
Because we hail from the developer tribe, we author step-by-step remediation guidance to help real-world developers reduce Mean Time to Repair (MTTR) and innovate faster.
Sonatype Data Research
Trust Your Data
Nexus intelligence is 99% accurate and immune to false positives/negatives that plague competing solutions.