Platform
Solutions
Pricing
Resources
Partners
- Become a Partner
- Find a Partner
Company
- About
- Careers
- Events
- Newsroom
- Contact
BOOK A DEMO

Platform
Solutions
Pricing
Resources
Partners
- Become a Partner
- Find a Partner
Company
- About
- Careers
- Events
- Newsroom
- Contact
BOOK A DEMO

Software composition analysis

Nexus Lifecycle
Eliminate OSS risk across the entire SDLC.
Nexus Firewall
Protect Nexus and Artifactory repos from OSS risk.

Nexus Lifecycle Add-on:

Advanced Development Pack
Advanced Legal Pack

CODE QUALITY Analysis

Sonatype Lift
Find and fix security, performance, and reliability bugs during code review.

Repository MANAGEMENT

Nexus Repository OSS
Universally manage binaries and artifacts for FREE.
Nexus Repository Pro
Universally manage binaries and artifacts with HA and support.

Container Security

Nexus Container
Identify and remediate OSS risk in containers for build and run-time protection.

Nexus Lifecycle Add-on:

Infrastructure as Code Pack

Full Spectrum Platform

Automate your software supply chain security against every attack with Sonatype’s suite of products..

Plans & PRICING

We’ve got your software supply chain covered. Simply pick the plan that works best for your team.

For Professionals

Developers
Application Security
DevSecOps
Legal & Compliance

For Industries

Government
Financial Services
Manufacturing
Technology
Healthcare

Content

Whitepapers & eBooks
Webinars
Videos
Events

CUSTOMER Portal

My Sonatype
Customer support, product guides & documentation, online courses, community, and more.

INtegrations & FREE TOOLS

Sonatype Integrations
Sonatype OSS Index
Nexus Vulnerability Scanner
Free Developer Tools

About us

About Sonatype
About Nexus Intelligence
Partners
Careers at Sonatype
Press Releases
Media

Contact Us

$: DevZone |

Life is hard. Dependencies don't have to be.

Breaking news, security deep dives, developer culture and coffee from the stewards of Maven Central.

In Numbers

Our automated system has discovered a total of

245,032

packages that are malicious, suspicious, or proof of concept since 2019

We've helped take down

31,182

malicious packages from open registries and publicly disclosed them through our channels.

Last Updated: June 19, 2023

The history of Maven Central and Sonatype: A journey from past to present

SAST vs. DAST: Enhancing application security

npm packages caught exfiltrating Kubernetes config, SSH keys

From the Blog

New npm PoC packages target PayPal Zettle, Airbnb developers

A guide for open source software (OSS) security

Malicious PyPI package ‘VMConnect’ imitates VMware vSphere connector module

Getting started with the Secure Software Development Framework (SSDF)

“Quoi...? feur” from meme to malware – PyPI package targets Windows with ‘NullRAT’ info-stealer

A closer look: Differentiating software vulnerabilities and malware

npm manifest confusion – What is it and do you really need to worry about it?

How to measure the maturity of your software supply chain

MORE FROM DEVZONE >>

In Numbers

Our automated system has discovered a total of

245,032

packages that are malicious, suspicious, or proof of concept since 2019

We've helped take down

31,182

malicious packages from open registries and publicly disclosed them through our channels.

Last Updated: June 19, 2023

Now Available

9th Annual State of the Software Supply Chain Banner

9th Annual State of the Software Supply Chain Banner

Upcoming Events

Cyber Security Summit LA

Los Angeles, CA

Nov 30

JOIN US!

SEE MORE UPCOMING EVENTS >>

Tweets by sonatypeDev

Stay In the Know

Sign up for the DevZone newsletter.

Have an awesome story, news tip, a suggestion to share? Drop our editorial team a note at devzone@sonatype.com

Secure your software supply chain

Explore Platform

Platform
- Overview
- Firewall
- Repository
- Lifecycle
- Integrations
- Pricing
Other Products

Solutions
- By Role
- By Industry

Community
- Free tools
- Resources

Partners

Company
- About
- Careers
- Newsroom
- Investors
- Contact
- Press Kit
- Trust Center

Subscribe for all the latest software security news and events

Terms of Service
Privacy Policy
Modern Slavery Statement
Event Terms and Conditions
Do Not Sell My Personal Information

Copyright © 2008-present, Sonatype Inc. All rights reserved. Includes the third-party code listed here. Sonatype and Sonatype Nexus are trademarks of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation. All other trademarks are the property of their respective owners.