Manage risk in the tools you already use
Sonatype has you covered with 50+ languages and integrations across leading IDEs, source repositories, CI pipelines, and ticketing systems.
Tool integrations
There are no results listed. Try removing the search term(s).
OpenShift
Use the Sonatype platform to store and manage binaries, build artifacts, and Docker containers within your OpenShift environment.
Amazon Web Services
Manage and secure open source and third-party components in the cloud with Sonatype Nexus Repository and IQ Server.
There are no results listed. Try removing the search term(s).
Red Hat Clair**
Sonatype Lifecycle integrates with Red Hat Clair to evaluate application, runtime, and OS level vulnerabilities within IQ for a single view into container risk.
Sonatype Container
Helping your Development, Security, and Operations teams discover, continuously monitor, and fix container vulnerabilities during the entire container lifecycle.
There are no results listed. Try removing the search term(s).
PyCharm
Integrate Sonatype Nexus Repository Manager with PyCharm for faster Python development.
Eclipse
Empower developers with precise component intelligence directly within the Eclipse IDE.
IntelliJ IDEA
Empower developers with precise component intelligence directly within IntelliJ IDEA.
Microsoft Visual Studio
Empower developers with precise component intelligence directly within Microsoft Visual Studio.
VS Code*
Scans JavaScript, R, Ruby, GoLang, PyPy (Python) projects for vulnerable third party dependencies
WebStorm
Get precise component intelligence for JavaScript/Node modules in WebStorm, the JS-focused IDE from Jetbrains.
There are no results listed. Try removing the search term(s).
Jenkins
Shift security and quality practices left by automatically sending alerts or failing Jenkins builds when application components are out of compliance with your open source policies.
Atlassian Bamboo
Shift security and quality practices left by automatically sending alerts or failing Bamboo builds when application components are out of compliance with your open source policies.
Azure DevOps
Shift security and quality practices left by automatically sending alerts or failing Azure builds when application components are out of compliance with your open source policies.
CircleCI*
Publish components automatically from CircleCI to Nexus Repository with native orb integration.
Xebia Labs**
Identify the risk associated with open source components used within your applications and understand where those applications are deployed - QA, UAT, Production.
There are no results listed. Try removing the search term(s).
Chrome Extension
Identify the risk within a package before you even download it with our Chrome extension.
AuditJS
Scan JavaScript (node.js inclusive) projects for vulnerable third party dependencies
Pants*
A Cargo subcommand that provides a bill of materials in a project and any vulnerabilities that are found on those dependencies.
Sherlock Trunks
A Gradle plugin that scans the dependencies of a Gradle project for vulnerabilities.
There are no results listed. Try removing the search term(s).
Micro Focus Fortify
Gain a 360-degree view of all your application security issues with integration to Fortify SSC and Fortify On-Demand.
ThreadFix**
View Sonatype Lifecycle data in the ThreadFix dashboard for a single view of application security issues.
There are no results listed. Try removing the search term(s).
GitHub
Sonatype Lifecycle pushes component intelligence into GitHub where developers can view and respond to policy violations directly in pull requests.
Atlassian Bitbucket
Sonatype Lifecycle pushes component intelligence into Bitbucket where developers can view and remediate policy violations with detailed Code Insights.
Gitlab
Sonatype Lifecycle pushes component intelligence into GitLab where developers can view and respond to policy violations without breaking a build.
Azure DevOps
Sonatype Lifecycle integrates component intelligence into Azure DevOps where developers can remediate vulnerabilities and policy violations directly in pull requests.
There are no results listed. Try removing the search term(s).
JIRA
Auto-create Jira tickets when policy violations are triggered in Sonatype Lifecycle.
There are no results listed. Try removing the search term(s).
sbt
Resolve dependencies and deploy your artifacts and build information to Sonatype Nexus Repository.
Maven
Infuse your Maven builds with the most precise component intelligence and automatically fail builds based on policy violations, including violations found in transitive dependencies.
Gradle
Resolve dependencies and deploy your artifacts and build information to Sonatype Nexus Repository.
Language support
Name | ||
---|---|---|
|
(Conan)
|
(Conan)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Typescript |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
(EPEL)
|
Package support
Name | |||
---|---|---|---|
|
Footnote:
|
||
|
Footnote:
|
||
|
|
|
|
|
Footnote:
|
|
|
|
|
|
|
|
Footnote:
|
|
|
|
Footnote:
|
|
|
|
Footnote:
|
|
|
|
Footnote:
|
|
|
|
Footnote:
|
|
via Community
|
|
Footnote:
|
||
|
Footnote: (Maven2)
|
|
|
|
Footnote:
|
|
|
|
Footnote:
|
|
|
|
Footnote:
|
||
|
Footnote:
|
|
|
|
Footnote:
|
||
|
Footnote:
|
|
|
|
Footnote:
|
|
|
|
Footnote:
|
|
|
|
Footnote:
|
|
|
“Nexus has shown our organization that security has to be built in. Security is not something that you bolt on. To be successful, it must be built in, from architecture to design, to coding and testing.”