Feature Tour: Firewall, Lifecycle & Auditor

Build quality in! Avoid unplanned work & risk across your entire life cycle.


Nexus Firewall

Automatically block undesirable components from entering or leaving your repository.

Nexus Lifecycle

Use software supply chain intelligence and policy management to eliminate undesirable components across the SDLC.

Nexus Auditor

Monitor the quality and integrity of components in applications. Be alerted of newly discovered vulnerabilities.

Learn about the capabilities of the Sonatype IQ Server (formerly Component Lifecycle Management).

Featuring the Sonatype IQ Server - Up-to-date Component Intelligence

Manual monitoring simply isn’t realistic, efficient or reliable
  • Up-to-date component intelligence covering known vulnerabilities, restrictive licenses, component age, popularity and other quality characteristics.
  • 2-4 hours of research is dedicated to every CVE (Common Vulnerabilities and Exposures entry) in the NVD
  • Precise root cause of the issue and component dependencies are identified
  • Up-to-date component information is leveraged in Nexus software supply chain automation solutions based on integration points

Accurate Component Identification

Sonatype's proprietary technology reduces false matches
  • Patent-pending advanced binary fingerprinting identifies all open source software and proprietary components, as well as their dependencies
  • Determines which components are an exact, partial or modified match
  • Unlike other methods, there are no false positives or false negatives. No thick reports to decipher.
  • Extensive support for the most popular component formats, such as Maven/Java, npm and NuGet.


Automate & Enforce Open Source Policies

Define unacceptable components and desired actions
  • Replace manual workflow and the burden of manual reviews
  • Automate policies to build an effective, secure software development lifecycle
  • Utilize 'out-of-the-box' policies to gain an immediate view of security, license and quality risk
  • Customize policies to meet specific compliance goals or mandates

Create an Application Bill of Materials

Gain visibility into the components used in your applications:
  • In just minutes, get a complete inventory of all components used in any application
  • Determine specific components and their dependencies by name, including any associated security, license and quality risks
  • Identify the exact location of any component within an application.


Avoid unplanned work and break-fixes. Choose better, safer components.

Offer developers better component choices without delaying development
  • Deliver component intelligence to developers in the tools they use every day.
  • Prevent developers from unknowingly using components that are outdated, vulnerable or have restrictive licenses.
  • Early detection and remediation prevents unplanned work, break-fixes, and maintainability issues.

Leverage Agile, Continuous Delivery

Integrate component intelligence across popular software life cycle tools
  • Automate open source policy across your entire software life cycle
  • Determine when to just monitor, warn or fail a build over a violated policy
  • Ensure that policies are enforced as components are consumed across a variety of development tools, such as Jenkins, Hudson, Bamboo, Maven, Docker, Puppet, Chef, SonarQube and more
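The two sections above (defining unacceptable components with an action per policy, and deciding per life-cycle stage whether a violation is merely monitored, warned about or fails the build) can be made concrete with a small policy gate. The code below is an added illustration, not Sonatype's code and not the IQ Server's policy format; the policy names, stage ceilings, component names, versions and advisory ids are all constructed for the example. A real tool would take the component data from a continuously updated intelligence feed rather than a hand-written list.

```python
"""Added example: a minimal component-policy gate run over a bill of materials.

Illustrative code, not Sonatype's own. Policies, stage ceilings and the sample
bill of materials below are assumptions made for the example.
"""
from dataclasses import dataclass
from enum import IntEnum
from typing import Callable, List, Sequence, Tuple


class Action(IntEnum):
    """Escalating responses a policy can request; the highest one wins."""
    MONITOR = 0   # record the violation, build proceeds
    WARN = 1      # surface it to the developer, build proceeds
    FAIL = 2      # stop the build


@dataclass(frozen=True)
class Component:
    name: str
    version: str
    license: str
    vulnerabilities: Tuple[Tuple[str, float], ...]  # (advisory id, CVSS score)
    age_years: float


@dataclass(frozen=True)
class Policy:
    name: str
    action: Action
    matches: Callable[[Component], bool]  # predicate over one component


@dataclass(frozen=True)
class Violation:
    policy: str
    component: str
    action: Action


RESTRICTIVE_LICENSES = {"GPL-3.0-only", "AGPL-3.0-only"}

# Hypothetical "out-of-the-box" style policies (an assumption, not a vendor default).
POLICIES: List[Policy] = [
    Policy("critical-vulnerability", Action.FAIL,
           lambda c: any(score >= 9.0 for _, score in c.vulnerabilities)),
    Policy("any-known-vulnerability", Action.WARN,
           lambda c: len(c.vulnerabilities) > 0),
    Policy("restrictive-license", Action.FAIL,
           lambda c: c.license in RESTRICTIVE_LICENSES),
    Policy("stale-component", Action.MONITOR,
           lambda c: c.age_years > 3.0),
]

# Per-stage ceiling on how hard a violation may hit: early in the life cycle a
# failing policy only warns, so developers get the signal without being blocked.
STAGE_CEILING = {
    "develop": Action.WARN,
    "build": Action.FAIL,
    "release": Action.FAIL,
}


def evaluate(bom: Sequence[Component], stage: str,
             policies: Sequence[Policy] = POLICIES) -> List[Violation]:
    """Run every policy over every component and return all violations,
    with each action capped at the ceiling configured for the stage."""
    ceiling = STAGE_CEILING[stage]
    found: List[Violation] = []
    for comp in bom:
        for pol in policies:
            if pol.matches(comp):
                found.append(Violation(pol.name, f"{comp.name}@{comp.version}",
                                       min(pol.action, ceiling)))
    return found


def build_outcome(violations: Sequence[Violation]) -> str:
    """Collapse a list of violations into the single result a CI step reports."""
    if not violations:
        return "pass"
    worst = max(v.action for v in violations)
    return {Action.MONITOR: "pass", Action.WARN: "warn", Action.FAIL: "fail"}[worst]


# Constructed sample bill of materials; names, versions and advisory ids are made up.
SAMPLE_BOM = [
    Component("example-json", "1.2.0", "Apache-2.0",
              (("ADVISORY-PLACEHOLDER-1", 9.8),), age_years=1.0),
    Component("example-crypto", "0.9.1", "MIT", (), age_years=4.5),
    Component("example-xml", "2.0.0", "GPL-3.0-only", (), age_years=0.5),
    Component("example-http", "3.1.0", "BSD-3-Clause", (), age_years=1.0),
]


if __name__ == "__main__":
    for stage_name in ("develop", "build"):
        vs = evaluate(SAMPLE_BOM, stage_name)
        print(f"[{stage_name}] outcome={build_outcome(vs)}")
        for v in vs:
            print(f"  {v.action.name:7} {v.policy:25} {v.component}")
```

Run against the constructed bill of materials, the same four violations are found in every stage, but the "develop" stage reports only a warning while "build" fails, which is the monitor/warn/fail choice the page describes. Keeping the policy definitions separate from the stage ceilings is what lets one policy set serve the whole life cycle.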


Gain Visibility & Transparency

All stakeholders have a clear view of component usage at various stages
  • Customizable reports provide instant visibility into component usage and known vulnerabilities & restrictive licenses
  • Filter by applications, policies and SDLC stages based on your IQ Server integration points
  • Utilize severity rankings to prioritize triage efforts

Continuously Monitor for New Defects

Early warning system keeps you informed of newly discovered defects
  • Be alerted of new defects based on our real-time, continuously updated component intelligence feed
  • Stay one step ahead of your adversaries by having insight as soon as possible
  • Improve incident response with precise identification of components and where you are impacted

For a more detailed list of features, see our comparison matrix

Request a Nexus Lifecycle evaluation copy and answer these questions in just 1 hour.

  • What components are used in your applications?
  • Which applications have the greatest component-based security, license and quality risk?
  • Have your current open source policies, golden repositories, whitelists and other processes been keeping you safe?
  • Which risks pose the greatest threat to your organization and how should they be prioritized for remediation?
