
Nexus Intelligence

The whole truth about open source risk.


Expert Research Powers the Nexus Platform


More Coverage.

70% more vulnerabilities than alternative databases.


Faster Results.

10x Faster than National Vulnerability Database.


More Expertise.

65 world class professionals with 500+ years of experience.

The difference is simple.

Better Identification

Scan apps "as deployed" - not "as declared." Identify true risk by verifying ALL embedded dependencies.
Examine fingerprints - not file names and package manifests. Precisely identify risk with Advanced Binary Fingerprints (ABF).
Report real risk - not false alarms. Spend more time fixing actual bugs and less time chasing false positives.

Better Knowledge

Above and beyond public data. Get details on complete universe of open source vulnerabilities.
Super fast and always on. Learn about new open source vulnerabilities faster than anyone else.
Designed for developers. Give developers exactly what they want - actionable guidance to remediate open source risk.

“It has given us visibility into security issues and made us more proactive in dealing with things. It scans and gives you a low false-positive count.” 

— EDWIN K., IT CENTRAL STATION REVIEW

Dig Deeper to Identify the Truth


Avoid fake news, analyze deployed dependencies.

Alternative tools are prone to false positives and negatives because they scan apps “as declared” and trust developers to disclose the truth about dependencies embedded in software.

Nexus scans apps "as deployed" using Advanced Binary Fingerprinting (ABF). The result is a precise read on embedded dependencies and a Software Bill of Materials (SBOM) that reflects the truth about third-party risk. ABF identification uses cryptographic hashes of binaries, structural similarity, derived coordinates, and file names. It can even identify renamed or modified components, whether they were declared or not, misnamed, or added to the code base manually.
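To make the "as declared" versus "as deployed" distinction concrete, here is an added example (not Sonatype's code or the ABF algorithm) that identifies shipped files by content hash alone and reconciles the result against the declared manifest. The catalogue, coordinates, manifest and archive bytes are all constructed stand-ins; a real fingerprint service would also use structural similarity and derived coordinates, which this example omits.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed fingerprint catalogue: content hash -> component coordinate.
# The byte strings stand in for real component archives.
CATALOGUE = {
    sha256(b"archive bytes of commons-lang3 3.9"): "commons-lang3:3.9",
    sha256(b"archive bytes of jackson-databind 2.9.8"): "jackson-databind:2.9.8",
    sha256(b"archive bytes of guava 28.0-jre"): "guava:28.0-jre",
}

def identify_by_fingerprint(app_files, catalogue):
    """Match deployed files to coordinates by content hash; file names are ignored."""
    identified, unidentified = {}, []
    for path, data in app_files.items():
        coord = catalogue.get(sha256(data))
        if coord is None:
            unidentified.append(path)
        else:
            identified[path] = coord
    return identified, sorted(unidentified)

def reconcile(declared, identified, unidentified):
    """Compare the 'as declared' manifest with the 'as deployed' identification."""
    deployed = set(identified.values())
    return {
        "undeclared": sorted(deployed - set(declared)),    # shipped but not in manifest
        "missing": sorted(set(declared) - deployed),       # in manifest but not shipped
        "renamed": sorted(p for p, c in identified.items() if c.split(":")[0] not in p),
        "unidentified": unidentified,                      # no fingerprint match at all
    }

def audit_constructed_app():
    # Constructed manifest and deployed tree: guava was added by hand under a neutral name.
    declared = ["commons-lang3:3.9", "jackson-databind:2.9.8", "slf4j-api:1.7.30"]
    app_files = {
        "lib/commons-lang3-3.9.jar": b"archive bytes of commons-lang3 3.9",
        "lib/jackson-databind-2.9.8.jar": b"archive bytes of jackson-databind 2.9.8",
        "lib/utils.jar": b"archive bytes of guava 28.0-jre",
        "lib/internal-helper.jar": b"first-party code, not in any catalogue",
    }
    identified, unidentified = identify_by_fingerprint(app_files, CATALOGUE)
    return reconcile(declared, identified, unidentified)

if __name__ == "__main__":
    for key, value in audit_constructed_app().items():
        print(f"{key}: {value}")
```

A manifest-only scanner would report slf4j-api as present and never see the renamed guava archive; the hash-based pass flags both discrepancies.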

Nexus Intelligence


Go above and beyond public data sources.

Public databases like NVD provide a relatively small and typically outdated view of open source security vulnerabilities.

Nexus Intelligence, however, delivers a universal and timely understanding of open source security risk. It has ingested and analyzed more than 65 million components and it never stops learning, using natural language processing to dynamically monitor every GitHub commit to every open source project, advisory websites, Google search alerts, OSS Index, and a plethora of vulnerability sites. Additionally, new vulnerabilities are regularly discovered by our own researchers and added to our proprietary knowledge base.

Nexus Intelligence also sees things that others simply can't, continuously gaining insight from more than 4 million instances of Nexus Repository Manager, and from 146 billion components requested annually from The Central Repository.


Remediate faster with expert guidance designed for developers.

Whenever new vulnerabilities are disclosed or discovered, our team immediately validates the exploit path, identifies the root cause, and creates actionable information to help organizations (and development teams) evaluate, triage, and remediate threats faster than adversaries can attack. Guidance is carefully curated and written for easy consumption by frontline software developers. Instead of cryptic security alerts that are difficult to decipher, Nexus Intelligence provides developers with step-by-step instructions on how to detect and remediate the vulnerability, including the upgrade path and the root cause, the relative risk of other component versions, and workarounds that avoid refactoring code.

Nexus Intelligence Insights


Learn more with “Secondary Expansion.”

Nexus Intelligence is the only security research service that actively practices "secondary expansion," an extra level of investigation to determine whether newly discovered vulnerabilities are also present and exploitable in other components. It's important to go the extra mile because it's common for open source projects to borrow code from other projects. Simply stated, if a single vulnerability exists in multiple libraries, we automatically let you know. Over the past 5 years, we've associated vulnerabilities with 3 million more components than public databases. Learn more about the npm event-stream attack and how we identified additional vulnerable components via secondary expansion.


Understand threats faster.

Whenever new open source vulnerabilities are disclosed, criminals immediately begin looking for opportunities to exploit them in the wild. As a result, it's literally a race between "bad guys" and "good guys" to see who acts first. Companies lose when bad actors are able to exploit open source vulnerabilities faster than the companies can remediate them.

When it comes to managing the constantly evolving security threats within open source, speed is absolutely critical. That’s why Nexus Intelligence works 24x7x365 to stay abreast of the changing threat landscape and publishes detailed information on new vulnerabilities 10X faster than NVD.


Trust in community credibility.

From our humble beginning as core contributors to Apache Maven, to supporting and maintaining the Central Repository, OSS Index, and the Central Security Project, we've long played a meaningful role in helping the global community of software developers embrace the power of open innovation. We're passionate about the community and we're dedicated to providing premium security research to help owners and consumers of open source projects minimize risk and maximize value.
