Sonatype Introduces Next Generation Dependency Management | Press Release

Secure your GitHub projects with


Automatically identify vulnerabilities within open source dependencies.



Sonatype + GitHub = Secure Open Source


Powered by Sonatype OSS Index.
Free for public and private repos.


Continuously monitors projects and auto-creates issues for security vulnerabilities.


Available for Apache Maven, Node.js npm, and Go projects.

View a list of known security vulnerabilities within GitHub’s Issue Tracker.

Click on an issue to view vulnerability details, including the CVE identifier and CVSS score.

Determine the vulnerable version range for each vulnerability.

What’s the Difference Between DepShield and Nexus?



DepShield is Powered by Sonatype OSS Index

Sonatype DepShield is powered by Sonatype OSS Index, which is based on vulnerability data derived from public sources and does not include human-curated intelligence or expert remediation guidance. Software development teams that require fully automated open source governance, powered by precise, curated, and actionable intelligence, should investigate the Nexus Platform.

Stop bad parts at the front door.

Continuously analyze quality and security.

Organize, store, and distribute parts.

Ready to Try Nexus Products?

Sonatype, A Better Way to Build