Open Source Governance


Nexus Intelligence

As the heart of the Nexus Platform, Nexus Intelligence is a machine learning engine that has analyzed more than 20 million open source libraries. Sonatype continuously feeds this intelligence to customers so they can make better innovation decisions early and everywhere across their development lifecycle.


Nexus Firewall

Stop open source risk at the front door. Secure your DevOps perimeter.

Automatically block vulnerable open source components.

  • Block unwanted Java, JavaScript, .NET, PyPI, RubyGems, and RPM components from entering your software supply chain.
  • Improve application hygiene and protect repositories, including staging and release.
  • Automatically prevent risky components from entering into your applications.

Harness all of the good in open source, but none of the bad.

  • Know which components you should or shouldn’t use, across your enterprise.
  • Create policies to ensure risky components never make it into production applications.
  • Identify defective components, license risk, and architectural quality.

Nexus Lifecycle

Precise open source intelligence for your entire DevOps pipeline.

  • Define open source component policies by organization, team, and application type.
  • Continuously visualize component intelligence within your favorite tools (including Nexus and Artifactory).
  • Automatically and contextually enforce policies across your entire DevOps pipeline.
  • Pair component intelligence with in-house apps using supported REST APIs.

Nexus Repo Pro

Expert flow control for binaries, build artifacts, and release candidates.

The perfect system of record for all your software parts.

  • Manage components, build artifacts, and release candidates in one central location.
  • Understand component security, license, and quality issues.
  • Modernize software development with intelligent staging and release functionality.
  • Scale DevOps delivery with high availability and active/active clustering.
  • Sleep comfortably with world-class support and training.

Universal support for all your favorite formats and tools.

  • Store and distribute Maven/Java, npm, NuGet, RubyGems, Docker, P2, OBR, APT, YUM, and more.
  • Manage components from dev through delivery: binaries, containers, assemblies, and finished goods.
  • Awesome support for the Java Virtual Machine (JVM) ecosystem, including Gradle, Ant, Maven, and Ivy.
  • Integrated with popular tools like Eclipse, IntelliJ, Hudson, Jenkins, Puppet, Chef, Docker, and more.

DevSamurai and

DevSamurai is proud to be the first Sonatype partner in Japan.

Sonatype is the leading provider of DevOps-native tools to automate modern software supply chains.

As the creators of Apache Maven, the Central Repository, and Nexus Repository, Sonatype pioneered componentized software development and has a rich history of supporting open source innovation.

Today, more than 120,000 organizations depend on Sonatype’s Nexus platform to govern the volume, variety, and quality of open source components flowing into modern software applications.

Use Cases


Software Development

  • Innovate faster.
  • Fewer bugs to fix.
  • Automatically leverage highest quality open source components.

Application Security

  • Shift security left.
  • Automatically identify open source risk.
  • Rapidly remediate known vulns early, everywhere, at scale.


  • Release faster with less risk.
  • Fully align Dev, Sec, and Ops teams.
  • Infuse automated governance into every phase of your CI/CD pipeline.