Product Information

Also, see our complete list of white papers.

Solution Overview: Nexus Firewall

Nexus Firewall provides an innovative solution to block undesirable components from getting into your software at the earliest possible point: the repository manager where developers source components. Now you can automate otherwise manual reviews and 'golden repository' strategies in order to keep pace with the speed of today's development practices.

Solution Overview: Nexus Auditor

Use Nexus Auditor to quickly and precisely identify security, license and quality risk across your applications.

Solution Overview: Nexus Lifecycle

Nexus Lifecycle improves the visibility and control of your component-based development by analyzing the content of your application builds and automatically controlling the release process using security, licensing and quality criteria.

Solution Overview: Nexus Repository Management

The use of repository managers—also known as component managers—is helping software development teams achieve significant gains in speed, efficiency, and quality. Learn how Nexus OSS, Nexus Pro and Nexus Lifecycle, the de facto industry standard, are used to organize artifacts, improve collaboration across teams, and source the highest quality components for use in their applications.

Private Docker Registries with Nexus Repository Managers

With over 60,000 installations, Nexus Repository Management solutions have long been used to manage software components, assemblies and finished goods from development to delivery. One particularly compelling use case is to store and share Docker images privately with users and groups in your network. Fine-grained, role-based access controls ensure access to images is private and secure.

Product Brief: HP Fortify on Demand

HP has teamed with Sonatype to provide open source risk analysis in their popular Fortify On Demand product. Analysis is based on data and services provided from Sonatype's Nexus Lifecycle solution (formerly Component Lifecycle Management [CLM]). Learn more.

Guide to the Sonatype Application Health Check

Gain visibility into the components used in an application and discover potential security, licensing, and quality problems. The Application Health Check Report generates a software bill of materials to help you quickly spot check your applications and code from your suppliers to obtain an accurate view of their flaws or potential vulnerabilities so you can immediately fix any issues.

Executive Brief: Deliver Better, Safer Software Even Faster With Sonatype Software Supply Chain Solutions

Sonatype has been one of the key enablers of modern, component-based development over the last 15 years. Our team has been a driving force behind the creation and adoption of Maven, the Central Repository, the Nexus Repository Manager, and Nexus Lifecycle Management. With millions of developers relying on at least one of our innovations every day, Sonatype has established itself at the nexus of all things critical to today’s continuous software delivery.

Use Case: Nexus Repository Management and Nexus Lifecycle for Operations

Discover how IT Operations teams can benefit from a Nexus Repository Manager or Nexus Lifecycle in their organization. Special emphasis on open source and third-party components which form the software supply chain 'parts' used in the majority of your applications.

eBook: Hidden Speed Bumps on the Road to 'Continuous'

As a companion piece for our '2015 State of the Software Supply Chain Report', this ebook explores the hidden complexities in modern software development by drawing analogies to a traditional supply chain. This is a real eye-opener for anyone who cares about development speed, efficiency and quality.

Booklet: Raise the B.A.R.R. on Open Source Components. Ban Avoidable Risk & Rework

Open source is at the center of today's software and is essential for innovation and efficiency. But is all open source a safe source?

More than 58 million known vulnerable components were downloaded in the past year -- even when safer versions are available. It's no surprise that a recent survey revealed that 33% of organizations had or suspected an open source-related breach.

Why build known vulnerabilities into your software, then spend even more time to get them back out? This booklet describes the six most Common Vulnerability Types (CVTs), ways to avoid open source risk and a free tool you can use to create a "bill of materials" of all the components in an application and identify known security, license and quality risks.

What does sour milk have to do with application safety and security? This intriguing storybook describes the new world of assembled development using open source and third party components, many of which are used long past their "freshness" date. For example, last year more than 51 million vulnerable open source components were downloaded for use in today's applications. And 33% of developers report a breach in an open source component. The good news is that the solution to this avoidable risk is amazingly simple.
Also available in ePub format!

A true story of how Development and Security came together to fix the risk in open source. See how the story ends!

Product Tour: Nexus Lifecycle & Nexus Auditor

Improve speed, efficiency and quality across your entire lifecycle by avoiding outdated and known vulnerable, restrictive or defective open source and 3rd party components. Support the priorities of everyone including AppDev, DevOps, Ops and Compliance/Legal departments.

Product Tour: Nexus Repository Managers

Efficiently store and distribute all components including open source, 3rd party and proprietary as well as all build outputs and production applications.

Product Overview: From Nexus to Component Lifecycle Management

This product overview is a great resource for any current Nexus or Nexus Pro user interested in expanding their repository strategy to include full governance with Component Lifecycle Management (CLM).

Product Overview: Ten Reasons to Go Pro (Nexus Pro)

Can’t decide between Nexus Open Source and Sonatype Nexus Professional (Nexus Pro)? Learn key differences between Nexus OSS and Nexus Pro, including ten key factors to consider.

Free Trial: Nexus Repository Manager

Three steps and five minutes is all it takes to start a 14-day free trial of Nexus Repository Manager, the world’s leading repository manager.

Knowledge Base: Configure Maven to Deploy to Nexus

To configure a Maven project to publish artifacts to Nexus, you'll need to add a distribution management element to your project's pom.xml. Learn more in this step-by-step guide.

Knowledge Base: Configure Maven to Download from Nexus

If you are adopting Nexus for internal development you should configure a single Nexus group which contains both releases and snapshots. Learn more in this step-by-step guide.