Login Contact Us Book a Demo

DEPLOYMENT OPTIONS

Sonatype Runs Anywhere

Sonatype's flexible deployment models let you run anywhere — in the cloud, on-premises, or air-gapped.

CLOUD

Effortless Cloud Deployment

Sonatype on the cloud automates maintenance and infrastructure, making it simpler than ever to secure your SDLC. All products now available in the AWS Marketplace.

Scale Easily in the Cloud

Meet the needs of your users as you scale. Add new teams, apps, and users, with zero deployment.

Simplify Integration

Configure APIs and easily connect with the systems and tools you already have in place.

Spend Efficiently

Get what you need, when you need it. Eliminate wasted space, maintenance fees, and other upfront costs.

Trust Enterprise Quality

SOC certifications guarantee that data security is built into every layer.
AVAILABLE FOR
sonatype-repository-logo-black
Sonatype Repository firewall logo black.
sonatype-lifecycle-logo-black
sonatype-sbom-manager-logo-black
Ready to migrate to Nexus Repository Cloud? Explore how easy the switch can be. Learn More

SELF-HOSTED

Deploy on Your Terms

Store and operate Sonatype on your own hardware. Implement and automate security policies that match your specific risk criteria.

Automate Security

Eliminate unnecessary manual processes. Let Sonatype’s behavioral AI handle policy enforcement.

Keep Control In-House

Prefer to maintain software yourself? Have complete control of your environment, infrastructure, and assets at all times.

Scale with Ease

Self-hosted can be cheaper than cloud hosting. At first. We can help you evaluate your processes and expenses to make the best decision.

Add to Existing Solutions

If you’re already hosting other software on-premise, you may find it easier to continue deploying in-house.
AVAILABLE FOR
sonatype-repository-logo-black
Sonatype Repository firewall logo black.
sonatype-lifecycle-logo-black
sonatype-sbom-manager-logo-black

AIR-GAPPED

Deploy in a Zero-Trust Environment

Ensure the highest levels of security and compliance at all stages of development. Government agencies and other highly regulated industries can avoid the public internet and even other network within their organizations.

Learn More
 

Maximize Security

Air-gapped security keeps your SDLC safe from attacks and theoretical threats.

Scale When You Need

More internal infrastructure means higher costs. Scale when you need, and Sonatype will be there to help ease the transition to other deployments.

Log Data Efficiently

Data updates can take longer in air-gapped environments. Sonatype tools help bridge the gap.

Integrate Seamlessly

Server space and administrative resources are needed before implementing a disconnected model.
AVAILABLE FOR
sonatype-repository-logo-black
Sonatype Repository firewall logo black.
sonatype-lifecycle-logo-black
sonatype-sbom-manager-logo-black
Talk to a deployment expert
icon-carrot_left-large
icon-carrot_right-large

Enterprise Support and Security

The Sonatype Technical Support Team provides world class support for all three deployment options as part of the subscription at no additional cost. Cloud customers receive extended support with 24x7x365 coverage for Sev-1 (production outage) issues as part of their subscription. 

Learn more

Browse Resources

View all Resources
Blog Post

A guide to deployment models: Self-hosted, cloud, and air-gapped

Read More
Blog Post

Securing Multi-Environment Deployments: Cloud, On-Premise, and Air-Gapped

Read More
Blog Post

Securing software development with Sonatype Air-Gapped Environment (SAGE)

Read More

Frequently Asked Questions

 

What deployment options does Sonatype offer?

Sonatype solutions are available as a cloud deployment hosted in Sonatype’s data center environment, self-hosted or on-premises deployment, and a fully disconnected deployment using the Sonatype Air-Gapped Environment (SAGE).

How do I choose between deployment models?

The Sonatype solutions are available in multiple deployment models to meet the security, infrastructure, and connectivity needs of any organization, helping you choose the option that best aligns with your operational and regulatory requirements.

SaaS (Sonatype-hosted) deployments are fully managed by Sonatype and run in the cloud, offering the fastest time to value with no infrastructure to maintain, automatic updates, and built-in scalability. This model is ideal for teams that want to reduce operational overhead while benefiting from continuously updated intelligence and policies.

On-premises or self-hosted deployments provide full control over where and how the platform runs, making them well suited for organizations with strict data residency, compliance, or integration requirements. Teams can operate Sonatype solutions within their own infrastructure while maintaining alignment with existing security and governance practices.

For highly regulated organizations operating in classified, restricted, or sensitive environments, Sonatype supports fully disconnected deployments through the Sonatype Air-Gapped Environment (SAGE). SAGE enables these organizations to apply the same vulnerability intelligence, policy enforcement, and software supply chain protections without any direct internet access, using tightly controlled, offline update mechanisms that align with strict compliance and security requirements.

Sonatype solutions can be deployed wherever your software development and delivery pipelines operate — from fully cloud-managed environments to the most tightly regulated and disconnected systems.

Can Sonatype solutions run in a disconnected environment?

Yes, Sonatype supports fully disconnected deployments through SAGE, enabling vulnerability intelligence, policy enforcement, and governance without direct internet access.