U.S. Federal

Eliminate known vulnerabilities from government open source software (GOSS). Sonatype can help.

We help U.S. Federal agencies and their vendors and contractors build safer software by ensuring that the latest and safest versions of open source components are used. Much as a traditional supply chain is used to manufacture physical products, today's software is assembled from a supply chain of components sourced from around the globe; most of those components are open source, and some carry known vulnerabilities.

Through software supply chain automation, our products ensure that organizations:

  • Use fewer and better open source suppliers
  • Use the highest quality components
  • Track component usage so newly discovered vulnerabilities can be located and patched quickly

This is a high priority for the U.S. Government, and legislation on cyber supply chain management is under active discussion. Sonatype can help you address this challenge now.


The Nexus Solutions

Nexus Repository Manager

Centralize, store, version and release all build components. Includes enterprise-level support and advanced features.

Nexus Firewall

Block undesirable components from entering or leaving your repository manager.

Nexus Lifecycle

Support agile development by automatically enforcing component policies, so that only acceptable components are used across the software life cycle.

Nexus Auditor

Continually monitor applications for known vulnerabilities in open source components.

Trusted for mission-critical Federal applications



Sonatype: A long history of supporting open source.

Sonatype has a long history of accelerating open source usage. As the stewards of the Central Repository, the creators of the Apache Maven project and the distributors of the Nexus repository managers, Sonatype has supported the adoption of open source by more than 11 million developers worldwide.

Today, Nexus repository managers are preferred 6:1 over all other brands and Nexus Lifecycle has fast become the world-leading choice for open source governance and robust software supply chain automation.


Open Source Software in Government: Challenges and Opportunities

In their paper "Open Source Software in Government: Challenges and Opportunities," authors Tom Dunn and David Wheeler discuss the need for guidance on open source software (OSS), including the impact of copyleft licenses such as the GPL, and the growing need for OSS in development as federal budgets shrink.

“Typically, people divide the (software) world into cost, schedule, functionality, quality. In my experience, almost everyone, when they talk ‘quality’, is excluding security.” — David A. Wheeler


David Wheeler
Institute for Defense Analyses

What's Next?

Create a free bill of materials to identify known cyber vulnerabilities in your software.

As a free community service, Sonatype offers a proprietary application analysis tool you can use to run your own confidential "application health check."

  • Confidentially and quickly analyze your open source components
  • Create a "bill of materials" inventory of precisely which components are used and where
  • Identify specific security, quality and license risks
  • Analyze both internal and third party applications
  • Ideal for Cyber Supply Chain Act initiatives
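The inventory-and-lookup workflow behind the bullets above (a bill of materials recording which components are used where, checked against a vulnerability feed, and re-queried when a new advisory appears) is shown here as an added example; it is not Sonatype's analysis tool or code. It parses constructed `mvn dependency:list` output for two hypothetical applications, builds a BOM, and matches it against a constructed advisory list. The application names, coordinates (`org.example:widget-core` and friends) and the advisory ID `EXAMPLE-ADV-0001` are all made up for illustration.

```python
"""Build a component bill of materials (BOM) from Maven dependency listings and
match it against a vulnerability feed.

Added example, not Sonatype's tool or code. Every coordinate, application name
and advisory below is constructed for illustration.
"""
import re
from typing import Dict, List, Tuple

# One line of `mvn dependency:list` output, optionally prefixed by "[INFO]":
#   groupId:artifactId:type[:classifier]:version:scope
_DEP_RE = re.compile(
    r"^\s*(?:\[INFO\]\s+)?([\w.\-]+):([\w.\-]+):(?:[\w.\-]+:){1,2}([\w.\-]+):(\w+)\s*$"
)


def parse_version(version: str) -> Tuple[int, ...]:
    """Split '1.4.10' into (1, 4, 10) so that 1.4.10 sorts after 1.4.3.

    Comparing version strings lexically gets this wrong ('1.4.10' < '1.4.3').
    Non-numeric qualifiers such as 'rc1' are treated as 0 (a simplification)."""
    return tuple(int(p) if p.isdigit() else 0 for p in re.split(r"[.\-]", version))


def parse_dependency_list(app: str, text: str) -> List[dict]:
    """Extract (app, group, artifact, version, scope) records from dependency:list text."""
    components, seen = [], set()
    for line in text.splitlines():
        m = _DEP_RE.match(line)
        if not m:
            continue  # plugin banners, blank lines, etc.
        group, artifact, version, scope = m.groups()
        key = (app, group, artifact, version)
        if key in seen:  # same coordinates under a classifier: one BOM entry
            continue
        seen.add(key)
        components.append({"app": app, "group": group, "artifact": artifact,
                           "version": version, "scope": scope})
    return components


def build_bom(apps: Dict[str, str]) -> List[dict]:
    """Inventory every application's components; this list is the bill of materials."""
    bom: List[dict] = []
    for app, text in apps.items():
        bom.extend(parse_dependency_list(app, text))
    return bom


def is_affected(version: str, ranges: List[Tuple[str, str]]) -> bool:
    """True if version falls in any [low, high) range listed by the advisory."""
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in ranges)


def find_vulnerable(bom: List[dict], advisories: List[dict]) -> List[dict]:
    """Join the BOM against the advisory feed on (group, artifact) and version range."""
    findings = []
    for comp in bom:
        for adv in advisories:
            same_component = (adv["group"], adv["artifact"]) == (comp["group"], comp["artifact"])
            if same_component and is_affected(comp["version"], adv["affected"]):
                findings.append({**comp, "advisory": adv["id"], "fixed_in": adv["fixed_in"]})
    return findings


def where_used(bom: List[dict], group: str, artifact: str) -> List[Tuple[str, str]]:
    """Answer 'which applications ship this component, at which version?' for a new advisory."""
    return [(c["app"], c["version"]) for c in bom
            if (c["group"], c["artifact"]) == (group, artifact)]


# Constructed sample input: dependency:list output for two hypothetical applications.
SAMPLE_APPS = {
    "payroll-service": """
[INFO] --- maven-dependency-plugin:2.8:list (default-cli) @ payroll-service ---
[INFO]    org.example:widget-core:jar:1.4.2:compile
[INFO]    org.example:widget-json:jar:2.0.0:compile
[INFO]    org.example:widget-core:jar:tests:1.4.2:test
""",
    "reporting-ui": """
[INFO]    org.example:widget-core:jar:1.4.10:compile
[INFO]    com.example.internal:ui-kit:jar:3.1.0:compile
""",
}

# Constructed advisory feed (hypothetical ID and component): versions >= 0 and < 1.4.3 affected.
ADVISORIES = [
    {"id": "EXAMPLE-ADV-0001", "group": "org.example", "artifact": "widget-core",
     "affected": [("0", "1.4.3")], "fixed_in": "1.4.3"},
]

if __name__ == "__main__":
    bom = build_bom(SAMPLE_APPS)
    for f in find_vulnerable(bom, ADVISORIES):
        print(f"{f['app']}: {f['group']}:{f['artifact']}:{f['version']} "
              f"-> {f['advisory']}, upgrade to {f['fixed_in']}")
    print("widget-core is used in:", where_used(bom, "org.example", "widget-core"))
```

Two details matter in practice. First, the BOM keeps the application name alongside each component, so when a new advisory arrives the question "where do we ship this?" is a lookup rather than a rebuild of every project. Second, versions are compared numerically: `reporting-ui` ships `widget-core` 1.4.10, which is above the fixed version 1.4.3 and must not be flagged, whereas a naive string comparison would rank "1.4.10" below "1.4.3".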

