
Nexus Products Overview

Start here for a healthy software supply chain.


Automate and Scale DevOps

Control the Flow of your Software Supply Chain Early and Everywhere.


Nexus Firewall

Stop bad parts at the front door.



Nexus Repository

Organize, store, and distribute parts.



Nexus Lifecycle

Continuously analyze quality and security.


What's included in the Nexus Platform

Repository Manager Features & Integrations


Support includes registries as the Docker repository format for hosted and proxy repositories. You can expose these repositories to the client-side tools directly or as a repository group, which is a repository that merges and exposes the contents of multiple repositories in one convenient URL.


Node.js developers, Grunt users, and others can use Nexus Repository Manager to proxy npmjs.org and others as well as easily host their own packages.


.Net developers can take advantage of the NuGet package manager and the integration in VisualStudio to manage their own and third-party packages.


The Maven 2 repository format is supported by tools such as Apache Maven, Apache Ant, Apache Ivy, Eclipse Aether, Gradle, SBT, Leiningen and others. If you still rely on Maven 1 repositories, Nexus Repository Manager can expose them in Maven 2 format to help with your migration efforts.


Register your own packages to a private Bower registry as a hosted repository on the repository manager and then expose the remote and private repositories to Bower as a repository group. This provides a repository that merges and exposes the contents of multiple repositories in one convenient URL.


With tens of thousands of packages available for the Python-based PyPI package system, Nexus Repository users can take advantage of both proxy and private repositories.

P2 Support

Provide P2 repositories to your Eclipse IDE users or distribute your Eclipse RCP application by proxying and hosting P2 repositories.


Establish a deployment pipeline from your Maven build to your Linux servers using RPM packages and YUM repositories.


Ruby, Rails, JRuby, Torquebox users and others using gem or Bundler can enjoy the benefits of proxying and hosting gem repositories.

OSGI Bundle

Use Nexus Repository Manager to proxy and host OSGi bundle repositories.

Unlimited Deployment

Scale your organization and deployment to as many servers and data centers as you like without worrying about licensing.

Component Search

A valuable tool for discovering the latest versions and what is available remotely. Component Search provides a variety of search criteria, including search by keyword. Additional features include the ability to display all the transitive dependencies of your component without the need for any external tools, as well as the ability to add any key-value pair annotations to components and find them via search.

Component Intelligence

Access a range of component intelligence data including age, popularity, security vulnerabilities and license issues for components in your repositories.


Add any key-value pair annotations to components and find them via search.

Repository REST

Integrate Nexus Repository Manager with any tool that can work with plain HTTP or REST APIs. A number of open source integrations with common tools are already available and supported by the robust Nexus Repository OSS community.

Repository Plugins

Add support for a new repository format, a new scheduled task, a new staging rule or any other extensions of Nexus Repository Manager you can think of. In some instances, we may even include your plugin as part of Nexus Repository Manager (e.g. RubyGems or Yum).

Repository Integrations

A large number of integrations and extensions, such as Docker images, Chef and Puppet support, and a command line interface, already exist. Many more are available through the active Nexus Repository Manager open source community.


The built-in security system provides authentication and authorization control out of the box. We've even made sure you can avoid clear text storage of usernames and passwords on developer machines and CI servers.

Custom Access Controls

Grant users create, read, update, and delete access to user interface features, or even specific components.

Enterprise LDAP

Going beyond standard LDAP, Enterprise LDAP functionality includes support for caching, multiple LDAP servers, templates, failover and more.

Atlassian Crowd

Connect Nexus Repository Manager to the same security backend as Confluence, Bamboo and JIRA.

Staging and Release

Deploy directly to the desired repository with your choice of build or deployment tool, or via straight HTTP. Includes dedicated security setup, automated rule validation, notifications and ability to re-run release.

Community Support

Around the clock, around the world. We are here to help. From supporting the popular community Q&A site to exchange experiences with other users and be notified of releases and more. Chat to the developers and support staff in realtime. The free book Repository Management with Nexus is available online and constantly updated. Access in-depth information from our support team at your fingertips. Public and private classes making you a Nexus Repository Manager champion. Blog posts, videos and everything that goes on in the community around Nexus products.

Enterprise Support

While all users of Nexus Repository Manager (including Nexus Repository OSS) have access to documentation, knowledge base articles, and community-based support, Enterprise support includes direct access to our Nexus Repository Manager experts, with optional 24/7 access if desired.

GitLFS - Git Large File Storage

Reduce download times by hosting video, audio, and image files locally in Nexus Repository, accessible via Git, so all of your binaries are managed in one central location.

Red Hat OpenShift

Nexus Repository Manager is a certified OpenShift solution for managing open source components and containers in Red Hat's Open Container Platform. Use Nexus to store and manage binaries, build artifacts, and Docker containers within your DevOps environment.

Mesosphere DC/OS

Nexus Repository has received certification to run in Mesosphere’s Enterprise DC/OS environment. Mesosphere DC/OS customers will now be able to deploy Nexus Repository as a free solution for managing open source components and Docker containers.

IQ Server Features & Integrations


Available in all IQ Server powered products, and continuously updated, component intelligence for the Java ecosystem includes security, license, age, and popularity. When applicable, detailed security findings, including suggested paths to remediation, are also included.


Available in all IQ Server powered products, and continuously updated, component intelligence for the .Net ecosystem includes support for NuGet packages. For supported components, security and license data help your teams identify risk associated with identified components, with the ability to define policy and automate actions associated with the presence of policy violations.


Available in all IQ Server powered products, and continuously updated, component intelligence for the JavaScript ecosystem includes security data, as well as the ability to define policy that empowers your teams to easily identify risk associated with identified components. Added to this is the ability to define policy and automate actions associated with the presence of policy violations.


Nexus IQ for the Eclipse IDE provides development teams with always-on access to Sonatype's full range of component intelligence directly within the Eclipse user interface. This includes the ability to evaluate applications against an organization's policy as well as the ability to retrieve component data across any known versions of a component. In addition to the automatic policy violation, security, license, and quality information for components, any required dependencies (including transitive) will be evaluated as well. Features specific to Eclipse include component comparison across a variety of facets including potential policy violations, security vulnerabilities, license issues, and quality information, as well as the ability to easily migrate to different versions of components when necessary.

IntelliJ IDEA

Nexus IQ for IntelliJ IDEA provides always-on access to security vulnerability, license issue, and other quality related data, including paths to remediation, directly inside the IDEA user interface. This integration also provides detailed evaluation of applications against an organization's established component policy, instantly letting development teams understand which components are introducing risk, or could cause potential issues in the future. Bringing this all together, component data is not isolated to a single version, but covers all known versions of a component.

Microsoft Visual Studio

Empower developers with precise component intelligence directly within Microsoft Visual Studio. With security, license, and quality information at their fingertips, developers choose only the best components based on corporate policies during development, saving time from manual re-work later in the SDLC.


IQ Server integration with Jenkins enables software supply chain automation at the CI level with options to warn and/or fail builds, as well as notify team members, when components out of compliance with defined policy are found in your applications. In addition, summary-level information is provided at the time of build evaluation, and directly inside the Jenkins interface, with links to the detailed report located on IQ Server.

Atlassian Bamboo

IQ Server integration for Bamboo enables software supply chain automation at the CI level with options to warn and/or fail builds, as well as notify team members, when components out of compliance with defined policy are found in your applications. In addition, summary-level information is provided at the time of build evaluation, and directly inside the Bamboo interface, with links to the detailed report located on IQ Server.

Nexus Repository Integration

Direct integration with Nexus Repository Pro provides the ability to audit the quality of components entering your supply chain, as well as evaluate components found in applications being staged or released. Using the native Quarantine feature, you can define automated policy to recognize and block unwanted components by their attributes. This stops these unwanted components from finding their way into your applications and the rework later to remove them. In addition, a summary level overview for policy violations by repository is included directly inside Nexus Repository Manager, with access to a detailed view of components found in your repositories.

Maven Plugin

Using the provided Nexus IQ for Maven plugin, users have the ability to support their Maven builds with the world's best component intelligence. In addition, you can set builds to fail due to violations, including those found in transitive dependencies.


SonarQube has become a de facto standard for helping teams engineer quality into their applications. The SonarQube integration provides always-on component intelligence directly in SonarQube projects and Dashboards, ensuring teams are evaluating every facet of high-quality application development.

Xebia Labs

Nexus Lifecycle integrates with XebiaLabs XL Release to identify the risk associated with open source components that are used within your applications and to understand where those applications are deployed within your environment - QA, UAT, Production.

Sonatype Data Services

IQ Server is directly integrated with Sonatype Data Services, our proprietary approach to component intelligence. To learn more check out the Sonatype Data Services area in the Learn section of our site.


Grant different users access only to user interface features they should use. Grant different users access only to specific components with create, read, update and delete restrictions.

Application Hierarchy

The customized structure of IQ Server's application management is based on a tree-like structure allowing you to provide global policy for all teams, and then refine that down to individual teams, and even specific applications. Additional features like application categories provide a way to ensure applications of a specific type will always be evaluated against the right policies.


IQ Server includes a full suite of public REST APIs you can use to integrate with your own in-house applications, or customize for integration with tools we don't currently support. The range of data you'll have access to includes on-demand evaluation of individual components and/or applications, component search and intelligence, and detailed policy information and management.

Application Monitoring

After applications go to production, it's likely new vulnerabilities or other quality related issues will be discovered. IQ Server's application monitoring provides continuous, ongoing component intelligence for applications in production, with the ability to notify members of your team when issues are identified.

Actions and Notifications

Integration into tools your teams already use (e.g. Eclipse, IntelliJ, Jenkins, Bamboo, Nexus Repository Pro) is a central part of IQ Server. A number of automated actions are provided that allow you to notify team members when issues are detected. In more extreme cases, actions can prevent components from being downloaded into a repository, being built, or moving to production. As with policy, this can be managed globally or down to the specific application.

Component Labels

Not everyone on your team will be as intimately familiar with a specific component as the next person. For this reason, the IQ Server provides teams with the ability to create a component label and a corresponding description. This flexibility is further extended with the ability to manage labels globally and by specific application. IQ Server even lets you base policy on the presence (or absence) of a specific component label.

Application Categories

Not every application will have the same exposure or have a similar attack surface for vulnerabilities. The Application Categories feature in IQ Server lets you make sure applications are always evaluated against the right set of policies.

Adhoc Evaluation

Not every application follows a modern development or build process. In some cases, you may not even have access to anything other than a completed application. For these situations, and any others that arise, the IQ Server allows ad hoc evaluation of any application. This can be done via the user interface, directly at the IQ Server level, from the command line, or a range of plugins and APIs.

Command Line

For those with a tool we don't currently integrate with (we add more each release), or in cases when your development team prefers to interact with the IQ Server from the Command Line, you'll have support and endless expandability with our CLI (Command Line Interface) tool. Of course, IQ Server already provides direct integrations with a variety of today's most popular tools (e.g. Nexus Repository, Eclipse, Atlassian Bamboo, IntelliJ by IDEA, and Jenkins).

Policy Management

Managing component usage in the modern Software Supply Chain isn't simply about defining what components a team should use. That's not scalable and generally results in inefficient development. Instead, defining what bad components look like, and delivering that information directly to development teams and decision makers becomes a critical path forward. This becomes the key differentiator between micromanaging development and empowering teams to move quickly and efficiently, stopping risk before it's ever introduced.

Threat Level

Not every component introduces the same amount of risk. In some cases, they may not present any risk at all, and instead simply provide a check to ensure overall quality. With the ability to customize a policy's threat level, you can organize policy violations by the most severe, ensuring teams know exactly which issues they need to tackle first.

License Threat Groups

Even for experts, software licensing can be a complex subject. For development teams unfamiliar with this type of risk, determining which licenses associated with a component present risk can be equally difficult. License Threat Groups allow your internal experts to define which licenses pose a potential threat, and convey that in an easy-to-understand and view format for development teams. Additionally, you can set policy based on License Threat Groups, which can be enforced throughout your software supply chain.

Issue Status

Every evaluation of an application provides a detailed report (i.e. The Application Composition Report). While this report is the central source of determining the health of an application, it's not static. The included ability to set the Issue Status of identified security vulnerabilities and license issues provides a way for your team to automate the flow, as well as build policy around these statuses.

Application Composition Report

Every application evaluation performed by IQ Server produces a detailed application composition report. This report includes summary level security, license, quality, and policy data along with the ability to dive into the details of every component identified. In addition, teams will have the ability to label and waive components, review remediation recommendations, and assign status to any identified issues.


The IQ Server's main view provides a top level view of the health of your applications. Identified policy violations, organized by their assigned threat, provide a path to peel back layers all the way to specific components, the application they were found in, and exactly where they were found.

Bill of Materials

As part of every evaluation, IQ Server provides a detailed list of every component identified inside an application. If desired this can be exported to PDF for easy distribution.


In addition to a robust, built-in user management and role-based permission system, products powered by IQ Server include the ability to support integration for users via LDAP.

Component Matching

Not only does Sonatype provide the most in-depth and unique component intelligence, our approach to exact component matching greatly reduces the possibility of false positives. This is accomplished through precise identification, and is at the heart of our automated approach. Using patented, proprietary matching algorithms our products intelligently match what's found in your applications, not just to known open source, claimed, and proprietary components, but also in cases where just a part of the component resembles something known to Sonatype's vast collection of component data.


The Nexus Platform plugin for Jenkins pushes component intelligence into GitHub where developers can view open source components that violate policies. Help developers eliminate risk by selecting only the best components during code reviews in GitHub.

PyPI Support for Firewall

Use Nexus Firewall to define and enforce rules for PyPI component usage within your development pipelines and ensure only the best PyPI components enter your Nexus Repository.