SONATYPE SOFTWARE SUPPORT POLICY 4.0 – OPEN SOURCE OFFERINGS

Pursuant to and in accordance with Section 6 of Sonatype’s Software Support Policy available at https://www.sonatype.com/usage/software-support-policy (“Support Policy”), Sonatype will provide support for the following open source tools (“Open Source Offerings”):

Nancy https://github.com/sonatype-nexus-community/nancy
Nancy scans Golang projects for vulnerable third party dependencies.

Chelsea https://github.com/sonatype-nexus-community/chelsea
Chelsea is a CLI application that scans RubyGem projects for vulnerable third party dependencies.

Jake https://github.com/sonatype-nexus-community/jake
Jake scans Python and Conda environments for vulnerable third-party dependencies.

AuditJS https://www.npmjs.com/package/auditjs
AuditJS scans JavaScript projects for vulnerable third party dependencies.

Nexus IQ Chrome Extension - https://github.com/sonatype-nexus-community/nexus-iq-chrome-extension
Chrome Plugin for use with Sonatype Nexus Lifecycle - IQ server  

Nexus Firewall for Artifactory Plugin - https://github.com/sonatype/firewall-for-artifactory
Firewall plugin for JFrog Artifactory to block known and unknown risk from entering your SDLC.


* This list of Open Source Offerings and the terms of the Support Policy may be updated by Sonatype from time to time at its discretion.