Tool integrations
OpenShift
Use the Sonatype platform to store and manage binaries, build artifacts, and Docker containers within your OpenShift environment for enhanced application security.
Amazon Web Services
Manage and secure open source and third-party components in the cloud with Sonatype Nexus Repository and IQ Server.
Red Hat Clair**
Sonatype Lifecycle integrates with Red Hat Clair to evaluate application, runtime, and OS level vulnerabilities within IQ for a single view into container risk.
Sonatype Container
Helping your Development, Security, and Operations teams discover, continuously monitor, and fix container vulnerabilities during the entire container lifecycle.
PyCharm
Integrate Sonatype Nexus Repository Manager with PyCharm for streamlined appsec and faster Python development.
Eclipse
Empower developers with precise component and open source risk intelligence directly within the Eclipse IDE.
IntelliJ IDEA
Empower developers with precise component intelligence directly within IntelliJ IDEA.
Microsoft Visual Studio
Empower developers with precise component intelligence directly within Microsoft Visual Studio.
VS Code*
Scans JavaScript, R, Ruby, GoLang, PyPy (Python) projects for software supply chain security risks and vulnerable third-party dependencies
WebStorm
Get precise component intelligence for JavaScript/Node modules in WebStorm, the JS-focused IDE from Jetbrains.
Jenkins
Shift security and quality practices left by automatically sending alerts or failing Jenkins builds when application components are out of compliance with your SDLC security policies.
Atlassian Bamboo
Shift application security and quality practices left by automatically sending alerts or failing Bamboo builds when application components are out of compliance with your open source policies.
GitLab
Our new Lifecycle integration with GitLab Ultimate lets you view vulnerability findings directly in your project’s Vulnerability Report and Dependency List.
Azure DevOps
Shift security and quality practices left by automatically sending alerts or failing Azure builds when application components are out of compliance with your open source policies.
CircleCI*
Publish components automatically from CircleCI to Nexus Repository with native orb integration.
Xebia Labs**
Identify the AppSec risk associated with open source components used within your applications and understand where those applications are deployed - QA, UAT, Production.
Chrome Extension
Identify the open source risk within a package before you even download it with our Chrome extension.
AuditJS
Scan JavaScript (node.js inclusive) projects for vulnerable third-party dependencies
Pants*
A Cargo subcommand that provides a bill of materials in a project and any vulnerabilities that are found on those dependencies.
Bach
Enhance AppSec by scanning PHP and Composer projects for vulnerable third-party dependencies.
Sherlock Trunks
A Gradle plugin that scans the dependencies of a Gradle project for vulnerabilities.
Micro Focus Fortify
Gain a 360-degree view of all your application security issues with integration to Fortify SSC and Fortify On-Demand.
GitHub
Sonatype Lifecycle pushes component intelligence into GitHub where developers can view and respond to policy violations directly in pull requests.
Atlassian Bitbucket
Sonatype Lifecycle pushes component intelligence into Bitbucket where developers can view and remediate SDLC security policy violations with detailed Code Insights.
Azure DevOps
Sonatype Lifecycle integrates component intelligence into Azure DevOps where developers can remediate vulnerabilities and software supply chain security policy violations directly in pull requests.
JIRA
Auto-create Jira tickets when policy violations are triggered in Sonatype Lifecycle.
sbt
Resolve dependencies and deploy your artifacts and build information to Sonatype Nexus Repository.
Maven
Infuse your Maven builds with the most precise component intelligence and automatically fail builds based on policy violations, including violations found in transitive dependencies.
Gradle
Resolve dependencies and deploy your artifacts and build information to Sonatype Nexus Repository.
Language support
| Name | ||
|---|---|---|
|
(Conan)
|
(Conan)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Typescript |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
(EPEL)
|
Package support
| Name | |||
|---|---|---|---|
|
Footnote:
|
|
|
|
Footnote:
|
||
|
Footnote:
|
|
|
|
|
Footnote:
|
|
|
|
Footnote:
|
|
|
|
Footnote:
|
|
|
|
Footnote:
|
|
|
|
Footnote:
|
|
|
|
|
Footnote:
|
|
|
|
Footnote:
|
|
via Community
|
|
Footnote:
|
||
|
Footnote:
|
|
|
|
Footnote:
|
|
|
|
Footnote:
|
|
|
|
Footnote:
|
||
|
Footnote:
|
|
|
|
Footnote:
|
||
|
|
Footnote:
|
|
|
|
Footnote:
|
|
|
|
|
Footnote:
|
|
|
|
Footnote:
|
|
|
“Nexus has shown our organization that security has to be built in. Security is not something that you bolt on. To be successful, it must be built in, from architecture to design, to coding and testing.”
