
Nexus Products Overview

Start here for a healthy software supply chain.


2016 State of the Software Supply Chain

Component Management
Powered by Repository Manager

Repository OSS

A free repository manager with universal support for popular component formats. 
  • Basic component intelligence
  • Supports Maven, Docker, NuGet, npm, PyPI, Bower, and more


Repository Pro

The enterprise-grade solution for managing software components.

Component Intelligence
Powered by IQ Server


Automatically stop risky components from entering your software supply chain. 
  • Custom policy for repositories
  • Detailed repository reporting
  • Integrates seamlessly with Nexus Repository Pro



Surface component intelligence throughout your entire software supply chain. 
  • Custom policy for applications
  • Detailed application reporting
  • Integrates seamlessly with popular development tools
  • Continuously monitor applications in production

What's included in the Nexus Software Supply Chain Platform?
Repository Manager Features & Integrations

Docker (OSS, Pro)

Support includes Docker registries as the Docker repository format for hosted and proxy repositories. You can expose these repositories to the client-side tools directly or as a repository group, which is a repository that merges and exposes the contents of multiple repositories in one convenient URL.

User Documentation

npm (OSS, Pro)

Node.js developers, Grunt users, and others can use Nexus Repository Manager to proxy npmjs.org and others as well as easily host their own packages.

User Documentation

NuGet (OSS, Pro)

.NET developers can take advantage of the NuGet package manager and the integration in Visual Studio to manage their own and third-party packages.

User Documentation

Maven (OSS, Pro)

The Maven 2 repository format is supported by tools such as Apache Maven, Apache Ant, Apache Ivy, Eclipse Aether, Gradle, SBT, Leiningen and others. If you still rely on Maven 1 repositories, Nexus Repository Manager can expose them in Maven 2 format to help with your migration efforts.

User Documentation

Bower (OSS, Pro)

Register your own packages to a private Bower registry as a hosted repository on the repository manager and then expose the remote and private repositories to Bower as a repository group. This provides a repository that merges and exposes the contents of multiple repositories in one convenient URL.

User Documentation

P2 Support (OSS, Pro)

Provide P2 repositories to your Eclipse IDE users or distribute your Eclipse RCP application by proxying and hosting P2 repositories.

User Documentation

YUM (OSS, Pro)

Establish a deployment pipeline from your Maven build to your Linux servers using RPM packages and YUM repositories.

User Documentation

RubyGems (OSS, Pro)

Ruby, Rails, JRuby, Torquebox users and others using gem or Bundler can enjoy the benefits of proxying and hosting gem repositories.

User Documentation

OSGi Bundle (OSS, Pro)

Use Nexus Repository Manager to proxy and host OSGi bundle repositories.

User Documentation

Smart Proxy (Pro)

Smart Proxy enables immediate deployment notification to downstream Nexus servers. This allows you to scale to as many Nexus instances as you desire quickly and efficiently, getting components right to where your teams need them, as fast as possible.

User Documentation

Unlimited Deployment (OSS, Pro)

Scale your organization and deployment to as many servers and datacenters as you like without worrying about licensing.

User Documentation

Component Search (OSS, Pro)

A valuable tool for discovering the latest versions and what is available remotely. Component Search provides a variety of search criteria, including search by keyword. Additional features include the ability to display all the transitive dependencies of your component without the need for any external tools, as well as to add key-value pair annotations to components and find them via search.

User Documentation

Component Intelligence (OSS, Pro)

Access a range of component intelligence data including age, popularity, security vulnerabilities and license issues for components in your repositories.

User Documentation

MetaData (Pro)

Add any key-value pair annotations to components and find them via search.

User Documentation

Repository REST (OSS, Pro)

Integrate Nexus Repository Manager with any tool that can work with plain HTTP or REST APIs. A number of open source integrations with common tools are already available and supported by the robust Nexus Repository OSS community.

User Documentation

Repository Plugins (OSS, Pro)

Add support for a new repository format, a new scheduled task, a new staging rule or any other extensions of Nexus Repository Manager you can think of. In some instances, we may even include your plugin as part of Nexus Repository Manager (e.g. RubyGems or Yum).

User Documentation

Repository Integrations (OSS, Pro)

A large number of integrations and extensions, such as Docker images, Chef and Puppet support, and a command line interface, already exist. Many more are available through the active Nexus Repository Manager open source community.

User Documentation

Authentication/Token (Pro)

The built-in security system provides authentication and authorization control out of the box. We've even made sure you can avoid clear text storage of usernames and passwords on developer machines and CI servers.

User Documentation

Custom Access Controls (OSS, Pro)

Grant users create, read, update, and delete access to user interface features, or even specific components.

User Documentation

Enterprise LDAP (Pro)

Going beyond standard LDAP, Enterprise LDAP functionality includes support for caching, multiple LDAP servers, templates, failover and more.

User Documentation

Atlassian Crowd (Pro)

Connect Nexus Repository Manager to the same security backend as Confluence, Bamboo and JIRA.

User Documentation

Staging and Release (Pro)

Deploy directly to the desired repository with your choice of build or deployment tool, or via straight HTTP. Includes dedicated security setup, automated rule validation, notifications and the ability to re-run a release.

User Documentation

Community Support (OSS, Pro)

Around the clock, around the world. We are here to help. From supporting the popular community Q&A site to exchange experiences with other users and be notified of releases and more. Chat to the developers and support staff in real time. The free book Repository Management with Nexus is available online and constantly updated. Access in-depth information from our support team at your fingertips. Public and private classes make you a Nexus Repository Manager champion. Blog posts, videos and everything that goes on in the community around Nexus products.

User Documentation

Enterprise Support (Pro)

While all users of Nexus Repository Manager (including Nexus Repository OSS) have access to documentation, knowledge base articles, and community-based support, Enterprise Support includes direct access to our Nexus Repository Manager experts, with optional 24/7 access if desired.

User Documentation
IQ Server Features & Integrations

Java (Firewall, Lifecycle)

Available in all IQ Server powered products, and continuously updated, component intelligence for the Java ecosystem includes security, license, age, and popularity. When applicable, detailed security findings, including suggested paths to remediation, are also included.


.NET (Firewall, Lifecycle)

Available in all IQ Server powered products, and continuously updated, component intelligence for the .NET ecosystem includes support for NuGet packages. For supported components, security and license data help your teams identify risk associated with identified components, with the ability to define policy and automate actions associated with the presence of policy violations.


JavaScript (Firewall, Lifecycle)

Available in all IQ Server powered products, and continuously updated, component intelligence for the JavaScript ecosystem includes security data, as well as the ability to define policy that empowers your teams to easily identify risk associated with identified components. Added to this is the ability to define policy and automate actions associated with the presence of policy violations.


Eclipse (Lifecycle)

Nexus IQ for the Eclipse IDE provides development teams with always-on access to Sonatype's full range of component intelligence directly within the Eclipse user interface. This includes the ability to evaluate applications against an organization's policy as well as the ability to retrieve component data across any known versions of a component. In addition to the automatic policy violation, security, license, and quality information for components, any required dependencies (including transitive) will be evaluated as well. Features specific to Eclipse include component comparison across a variety of facets, including potential policy violations, security vulnerabilities, license issues, and quality information, as well as the ability to easily migrate to different versions of components when necessary.

User Documentation

IntelliJ IDEA (Lifecycle)

Nexus IQ for IntelliJ IDEA provides always-on access to security vulnerability, license issue, and other quality-related data, including paths to remediation, directly inside the IDEA user interface. This integration also provides detailed evaluation of applications against an organization's established component policy, instantly letting development teams understand which components are introducing risk, or could cause potential issues in the future. Bringing this all together, component data is not isolated to a single version, but covers all known versions of a component.

User Documentation

Jenkins (Lifecycle)

IQ Server integration with Jenkins enables software supply chain automation at the CI level with options to warn and/or fail builds, as well as notify team members, when components out of compliance with defined policy are found in your applications. In addition, summary-level information is provided at the time of build evaluation, and directly inside the Jenkins interface, with links to the detailed report located on IQ Server.

User Documentation

Atlassian Bamboo (Lifecycle)

IQ Server integration for Bamboo enables software supply chain automation at the CI level with options to warn and/or fail builds, as well as notify team members, when components out of compliance with defined policy are found in your applications. In addition, summary-level information is provided at the time of build evaluation, and directly inside the Bamboo interface, with links to the detailed report located on IQ Server.

User Documentation

Nexus Repository Integration (Firewall)

Direct integration with Nexus Repository Pro provides the ability to audit the quality of components entering your supply chain, as well as evaluate components found in applications being staged or released. Using the native Quarantine feature, you can define automated policy to recognize and block unwanted components by their attributes. This stops these unwanted components from finding their way into your applications and avoids the rework later to remove them. In addition, a summary-level overview of policy violations by repository is included directly inside Nexus Repository Manager, with access to a detailed view of components found in your repositories.

User Documentation

Maven Plugin (Lifecycle)

Using the provided Nexus IQ for Maven plugin, users have the ability to support their Maven builds with the world's best component intelligence. In addition, you can set builds to fail due to violations, including those found in transitive dependencies.

User Documentation

SonarQube (Lifecycle)

SonarQube has become a de facto standard for helping teams engineer quality into their applications. The SonarQube integration provides always-on component intelligence directly in SonarQube projects and Dashboards, ensuring teams are evaluating every facet of high-quality application development.

User Documentation

Sonatype Data Services (Firewall, Lifecycle)

IQ Server is directly integrated with Sonatype Data Services, our proprietary approach to component intelligence. To learn more check out the Sonatype Data Services area in the Learn section of our site.


Security (Firewall, Lifecycle)

Grant different users access only to user interface features they should use. Grant different users access only to specific components with create, read, update and delete restrictions.

User Documentation

IQ REST API (Firewall, Lifecycle)

IQ Server includes a full suite of public REST APIs you can use to integrate with your own in-house applications, or customize for integration with tools we don't currently support. The range of data you'll have access to includes on-demand evaluation of individual components and/or applications, component search and intelligence, and detailed policy information and management.

User Documentation

Application Hierarchy (Firewall, Lifecycle)

The customized structure of IQ Server's application management is based on a tree-like structure allowing you to provide global policy for all teams, and then refine that down to individual teams, and even specific applications. Additional features like application categories provide a way to ensure applications of a specific type will always be evaluated against the right policies.

User Documentation

Application Monitoring (Lifecycle)

After applications go to production, it's likely new vulnerabilities or other quality-related issues will be discovered. IQ Server's application monitoring provides continuous, ongoing component intelligence for applications in production, with the ability to notify members of your team when issues are identified.

User Documentation

Actions and Notifications (Firewall, Lifecycle)

Integration with tools your teams already use (e.g. Eclipse, IntelliJ, Jenkins, Bamboo, Nexus Repository Pro) is a central part of IQ Server. A number of automated actions are provided that allow you to notify team members when issues are detected. In more extreme cases, actions can prevent components from being downloaded into a repository, being built, or moving to production. As with policy, this can be managed globally or down to the specific application.

User Documentation

Component Labels (Firewall, Lifecycle)

Not everyone on your team will be as intimately familiar with a specific component as the next person. For this reason, the IQ Server provides teams with the ability to create a component label and a corresponding description. This flexibility is further extended with the ability to manage labels globally and by specific application. IQ Server even lets you base policy on the presence (or absence) of a specific component label.

User Documentation

Application Categories (Firewall, Lifecycle)

Not every application will have the same exposure or have a similar attack surface for vulnerabilities. The Application Categories feature in IQ Server lets you make sure applications are always evaluated against the right set of policies.

User Documentation

Ad Hoc Evaluation (Lifecycle)

Not every application follows a modern development or build process. In some cases, you may not even have access to anything other than a completed application. For these situations, and any others that arise, the IQ Server allows ad hoc evaluation of any application. This can be done via the user interface, directly at the IQ Server level, from the command line, or a range of plugins and APIs.

User Documentation

Command Line (Lifecycle)

For those with a tool we don't currently integrate with (we add more each release), or in cases when your development team prefers to interact with the IQ Server from the command line, you'll have support and endless expandability with our CLI (Command Line Interface) tool. Of course, IQ Server already provides direct integrations with a variety of today's most popular tools (e.g. Nexus Repository, Eclipse, Atlassian Bamboo, IntelliJ IDEA, and Jenkins).

User Documentation

Policy Management (Firewall, Lifecycle)

Managing component usage in the modern Software Supply Chain isn't simply about defining what components a team should use. That's not scalable and generally results in inefficient development. Instead, defining what bad components look like, and delivering that information directly to development teams and decision makers becomes a critical path forward. This becomes the key differentiator between micromanaging development and empowering teams to move quickly and efficiently, stopping risk before it's ever introduced.

User Documentation

Threat Level (Firewall, Lifecycle)

Not every component introduces the same amount of risk. In some cases they may not present any risk at all, and instead simply provide a check to ensure overall quality. With the ability to customize a policy's threat level, you can organize policy violations by the most severe, ensuring teams know exactly which issues they need to tackle first.

User Documentation

License Threat Groups (Firewall, Lifecycle)

Even for experts, software licensing can be a complex subject. For development teams unfamiliar with this type of risk, determining which licenses associated with a component present risk can be equally difficult. License Threat Groups allow your internal experts to define which licenses pose a potential threat, and convey that in an easy-to-understand and view format for development teams. Additionally, you can set policy based on License Threat Groups, which can be enforced throughout your software supply chain.

User Documentation

Issue Status (Lifecycle)

Every evaluation of an application provides a detailed report (i.e. the Application Composition Report). While this report is the central source for determining the health of an application, it's not static. The included ability to set the Issue Status of identified security vulnerabilities and license issues provides a way for your team to automate the flow, as well as build policy around these statuses.

User Documentation

Application Composition Report (Firewall, Lifecycle)

Every application evaluation performed by IQ Server produces a detailed application composition report. This report includes summary-level security, license, quality, and policy data along with the ability to dive into the details of every component identified. In addition, teams will have the ability to label and waive components, review remediation recommendations, and assign status to any identified issues.

User Documentation

Dashboard (Firewall, Lifecycle)

The IQ Server's main view provides a top-level view of the health of your applications. Identified policy violations, organized by their assigned threat, provide a path to peel back layers all the way to specific components, the application they were found in, and exactly where they were found.

User Documentation

Bill of Materials (Firewall, Lifecycle)

As part of every evaluation, IQ Server provides a detailed list of every component identified inside an application. If desired, this can be exported to PDF for easy distribution.

User Documentation

LDAP (Firewall, Lifecycle)

In addition to a robust, built-in user management and role-based permission system, products powered by IQ Server include the ability to support integration for users via LDAP.

User Documentation

Component Matching (Firewall, Lifecycle)

Not only does Sonatype provide the most in-depth and unique component intelligence, our approach to exact component matching greatly reduces the possibility of false positives. This is accomplished through precise identification, and is at the heart of our automated approach. Using patented, proprietary matching algorithms our products intelligently match what's found in your applications, not just to known open source, claimed, and proprietary components, but also in cases where just a part of the component resembles something known to Sonatype's vast collection of component data.

User Documentation