Sonatype Introduces Next Generation Dependency Management | Press Release

Sonatype Fugue Partnership

Cloud security and compliance are coming soon to the Nexus Platform.

We’re delivering the first fully integrated infrastructure-as-code (IaC) solution that shifts cloud security left into the developer workflow.


Sonatype and Fugue have partnered to bring Infrastructure as Code (IaC) security to the Nexus Platform.

Easy cloud security and compliance. The combined capabilities of Sonatype and Fugue will enable developers to easily find and fix security vulnerabilities in third-party libraries when actively developing cloud applications, while simultaneously preventing security and compliance issues due to misconfigured cloud infrastructure.

Developer feedback in everyday tools. Developers will receive notifications with actionable insights into policy violations for both OSS and cloud infrastructure in the tools they use every day, such as GitHub and JIRA.

Consolidated view of risk. With open source and cloud security information all in one place, development and operations teams will be able to accelerate innovation and simultaneously improve application security, cloud infrastructure security, and continuous compliance.

One common policy. Sonatype and Fugue users will rely on the same set of rules in development and in production, ensuring continuity of security and compliance policies. One policy ensures Dev and Ops teams stay in lockstep.

In-depth compliance. Sonatype Nexus Platform customers will soon have access to relevant infrastructure compliance control mappings including CIS Foundations Benchmarks, GDPR, HIPAA, ISO 27001, NIST 800-53, PCI, SOC 2, and more.

IaC cloud security and compliance is coming to the Nexus Platform in early 2021.

Learn how Nexus helps you scale DevSecOps practices.


Automatically stop defective open source components from entering your SDLC.


Manage libraries and store artifacts in a universal repository and share them across development teams.


Empower teams with precise component intelligence to enforce policies and continuously remediate risk.


Generate a software bill of materials to identify open source components used within third-party or legacy applications.
