Open Source Governance

Nexus Intelligence

As the heart of the Nexus Platform, Nexus Intelligence is a machine learning engine that has analyzed more than 20 million open source libraries. Sonatype continuously feeds this intelligence to customers so they can make better innovation decisions early and everywhere across their development lifecycle.

Nexus Repo Pro

Expert flow control for binaries, build artifacts, and release candidates.

The perfect system of record for all your software parts

  • Manage components, build artifacts, and release candidates in one central location.
  • Understand component security, license, and quality issues.
  • Modernize software development with intelligent staging and release functionality.
  • Scale DevOps delivery with high availability and active/active clustering.
  • Sleep comfortably with world-class support and training.

Universal support for all your favorite formats and tools.

  • Store and distribute Maven/Java, npm, NuGet, RubyGems, Docker, P2, OBR, APT, YUM, and more.
  • Manage components from dev through delivery: binaries, containers, assemblies, and finished goods.
  • Awesome support for the Java Virtual Machine (JVM) ecosystem, including Gradle, Ant, Maven, and Ivy.
  • Integrated with popular tools like Eclipse, IntelliJ, Hudson, Jenkins, Puppet, Chef, Docker, and more.

Nexus Firewall

Stop open source risk at the front door. Secure your DevOps perimeter.

Automatically block vulnerable open source components.

  • Block unwanted Java, JavaScript, .NET, PyPI, RubyGems, and RPM components from entering your software supply chain.
  • Improve application hygiene and protect repositories, including staging and release.
  • Automatically prevent risky components from entering into your applications.

Harness all of the good in open source, but none of the bad.

  • Know which components you should or shouldn’t use, across your enterprise.
  • Create policies to ensure risky components never make it into production applications.
  • Identify defective components, license risk, and architectural quality.

Nexus Lifecycle

Precise open source intelligence for your entire DevOps pipeline.

  • Define open source component policies by organization, team, and application type.
  • Continuously visualize component intelligence within your favorite tools (including Nexus and Artifactory).
  • Automatically and contextually enforce policies across your entire DevOps pipeline.
  • Pair component intelligence with in-house apps using supported REST APIs.

Use Cases

Software Development

  • Innovate faster.
  • Fewer bugs to fix.
  • Automatically leverage the highest-quality open source components.

Application Security

  • Shift security left.
  • Automatically identify open source risk.
  • Rapidly remediate known vulns early, everywhere, at scale.


  • Release faster with less risk.
  • Fully align Dev, Sec, and Ops teams.
  • Infuse automated governance into every phase of your CI/CD pipeline.

DevSamurai and


Sonatype is the leading provider of DevOps-native tools to automate modern software supply chains.

As the creators of Apache Maven, the Central Repository, and Nexus Repository, Sonatype pioneered componentized software development and has a rich history of supporting open source innovation.

Today, more than 120,000 organizations depend on Sonatype’s Nexus platform to govern the volume, variety, and quality of open source components flowing into modern software applications.

DevSamurai is proud to be the first Sonatype partner in Japan.

Thinking about a solution to govern your open source supply chain? Let us know.

Contact Us

    Our Mission

    DevSamurai enables companies to modernize and automate IT and business processes.
    We help customers take IT to the next level with the latest cloud computing platforms, DevOps tools, and best practices.
    Our team provides industry-leading consulting expertise, service delivery, and cutting-edge products and solutions for every step of the Software Development Life Cycle (SDLC).