Sonatype Unveils Full-Spectrum Software Supply Chain Management | Press Release

Plans & Pricing

Package Pricing

Standard

Manage and protect your development pipelines with Nexus Repository, Nexus Firewall and Sonatype Lift.

$78,400
per year
(100 users)

INCLUDES:

  • Ability to define policy and automatically prevent open source risk from entering your software supply chain
  • Code Quality and Software Composition Analysis (SCA)
  • Expert guidance for alternative and compliant versions
  • Universal format coverage to manage binaries and build artifacts
  • Multi-Cloud Storage: Amazon S3 and Azure Blob Storage
  • Integration with your favorite CI/CD tools
  • SAML single sign-on
  • Advanced metadata tagging
  • Staging and build promotion
  • High availability clustering
  • 24/7 expert support

Premium

Analyze and continuously secure your entire software supply chain with Nexus Repository, Nexus Firewall, Nexus Lifecycle and Sonatype Lift.

$135,900
per year
(100 users)

INCLUDES:

  • All standard features, PLUS...
  • Ability to define policy and automatically enforce policies across your entire software supply chain
  • Code Quality Analysis
  • Automatic generation of a software bill of materials for all builds
  • Safer component selection for developers
  • Dashboards to identify MTTR and relevant success metrics
  • High-speed remediation with expert guidance
  • Continuous monitoring for new vulnerabilities
  • Dependency management in source control with automated pull requests

Enterprise

Automate application and container scanning across your entire software supply chain with Nexus Repository, Nexus Firewall, Nexus Lifecycle, Nexus Container and Sonatype Lift.

Let's chat.

INCLUDES:

  • All premium features, PLUS...
  • Container security with deep scanning and advanced runtime monitoring
  • Runtime configuration and OS analysis to discover and fix vulnerabilities in containers
  • Network inspection with Layer 7 DPI
  • Threat detection with DDoS, DNS
  • Data breach detection
  • Service Mesh integration with encrypted packet inspection
  • Auto scanning and container visualization/mapping
  • Custom response rules
Billed annually / Unlimited repositories / Unlimited integrations.
Artifact Repository

Centralize and manage all your components, binaries, and build artifacts.

FREE

INCLUDES:

  • Unlimited number of users
  • Unlimited proxy, host and group repositories
  • Universal format coverage
  • Integration with popular CI/CD tools
  • Container registry
  • Community formats and plugins
  • Cloud storage: Amazon S3

Take your builds to the next level with enterprise artifact management, multi-cloud storage and high availability.

$120
per user
per year

INCLUDES:

  • Everything in Repository OSS, PLUS...
  • Enterprise management of binaries and build artifacts
  • SAML single sign-on
  • Multi-Cloud: Azure Blob Storage coming soon
  • High availability clustering
  • Advanced metadata tagging
  • Staging and build promotion
  • Group Blob store
  • Group deployment (Docker)
  • Enterprise standard support
Billed annually / Unlimited repositories / Unlimited integrations.
Code Quality Analysis

Code Quality and Software Composition Analysis (SCA), free forever on public repositories.

FREE

INCLUDES:

  • Cloud-based
  • Code Quality and Software Composition Analysis (SCA)
  • Unlimited use on public repos
  • Free forever

Code Quality and SCA for your private repositories.

$25
per user/per month

INCLUDES:

  • Cloud-based
  • Code Quality and SCA
  • Unlimited use on public and private repositories
  • Supports GitHub and GitLab
  • 14-day free trial via the GitHub Marketplace
  • Save $5/user/month by choosing an annual subscription

Code Quality for your self-hosted repositories.

Contact sales for pricing.

INCLUDES:

  • Self-hosted
  • Code Quality Analysis for enterprise teams
  • Unlimited use on self-hosted repositories
  • Supports GitHub, GitLab, and Bitbucket
Software Composition Analysis

Advance your SCA, stopping OSS risk at the front door.

$424
per user
per year*

INCLUDES:

  • Ability to define policy and automatically prevent risky open source from entering your software supply chain
  • Expert guidance for alternative and compliant versions
  • Universal language coverage

Eliminate OSS risk across the entire SDLC.

$775
per user
per year*

INCLUDES:

  • Ability to define policy and automatically enforce compliance across your entire software supply chain
  • Integration with your favorite CI/CD tools
  • Frontline developer advantage with use of popular IDEs
  • Rapid remediation with expert guidance
  • Continuous monitoring for new vulnerabilities
Billed annually / Unlimited repositories / Unlimited integrations.
Container Security

Protect your containers with vulnerability scanning, compliance, and remediation at runtime.

Contact sales for pricing.

INCLUDES:

  • Automated Scanning providing continuous container security (host, platform, registry and container), from pipeline through production
  • Zero-Trust Segmentation and automated security policy generation at Network, Process and File Access security layers
  • Data Loss Prevention (DLP) for containers
  • Deep Packet Inspection providing identification and validation of Layer-7 application protocols
  • Network Threat Detection including DDoS, DNS Tunneling, Remote Code Execution (RCE), ICMP Flood, SQL Injection, and more
  • Security as Code export for replicating Zero-Trust Segmentation and security policies for containers, namespaces, custom groups and clusters.
  • Live Network visualization, mapping and packet capture
  • Service Mesh compatible with mTLS encryption enabled
Billed annually / Unlimited repositories / Unlimited integrations.
*Pricing based on 100 users

Available Add-Ons

Enhance your Nexus Lifecycle capabilities with these expansion packs. Contact Sales for pricing details.

Infrastructure as Code Pack

Empower developers to discover cloud security and compliance issues with IaC Terraform analysis, giving development teams immediate feedback on cloud misconfigurations before they surface in production.

Advanced Development Pack

Specifically designed to make development teams’ lives easier, this next-gen dependency management solution helps improve code quality, minimize breaking changes, and integrate security seamlessly into agile workflows.

Advanced Legal Pack

Streamline OSS license compliance by automating manual tasks and providing legal workflows for easier and faster obligation resolutions — breaking down roadblocks for developers.

Frequently Asked Questions

Do you offer free trials?

Yes, we provide a 14-day free trial of Nexus Repository Pro.

How is ‘user’ defined based on pricing?

General Use: A User is any individual who produces, consumes, or evaluates software artifacts or any portion thereof (including code, configuration files, and/or container images) that are stored in or scanned, analyzed, or otherwise evaluated by a Sonatype product (including via a website or by submitting the code in a pull-request on a repository where a Sonatype product is enabled).

Sonatype Lift: A User is any individual who produces or evaluates source code that is analyzed by the Lift product (including manually-triggered analysis via the Lift website and automated analysis via pull-requests to repos on which Lift is enabled).

What are my payment options?

Our products are billed annually with flexible pricing for any size team or enterprise. Contact our sales teams for more details.

How do the add-on packs work with Nexus Lifecycle?

Nexus Lifecycle Add-On Packs are not standalone products and do require a license of Nexus Lifecycle.

Which programming languages work with Sonatype products?

Sonatype provides extensive language and package support for all of our solutions.

Which third-party integrations work with Sonatype products?

Check out our product integrations to see how our solutions work with popular CI/CD and build tools, IDEs, SCM, and many more!

Get started with Nexus Repository Pro today.
