Platform
Solutions
Pricing
Resources
Partners
Company
- About
- Careers
- Events
- Newsroom
- Contact
BOOK A DEMO

Platform
Solutions
Pricing
Resources
Partners
Company
- About
- Careers
- Events
- Newsroom
- Contact
BOOK A DEMO

Software composition analysis

Nexus Lifecycle
Eliminate OSS risk across the entire SDLC.
Nexus Firewall
Protect Nexus and Artifactory repos from OSS risk.

Nexus Lifecycle Add-on:

Advanced Development Pack
Advanced Legal Pack

CODE QUALITY Analysis

Sonatype Lift
Find and fix security, performance, and reliability bugs during code review.

Repository MANAGEMENT

Nexus Repository OSS
Universally manage binaries and artifacts for FREE.
Nexus Repository Pro
Universally manage binaries and artifacts with HA and support.

Container Security

Nexus Container
Identify and remediate OSS risk in containers for build and run-time protection.

Nexus Lifecycle Add-on:

Infrastructure as Code Pack

Full Spectrum Platform

Automate your software supply chain security against every attack with Sonatype’s suite of products..

Plans & PRICING

We’ve got your software supply chain covered. Simply pick the plan that works best for your team.

For Professionals

Developers
Application Security
DevSecOps
Legal & Compliance

For Industries

Government
Financial Services
Manufacturing
Technology
Healthcare

Content

Whitepapers & eBooks
Webinars
Videos
Events

CUSTOMER Portal

My Sonatype
Customer support, product guides & documentation, online courses, community, and more.

INtegrations & FREE TOOLS

Sonatype Integrations
Sonatype OSS Index
Nexus Vulnerability Scanner
Free Developer Tools

About us

About Sonatype
About Nexus Intelligence
Partners
Careers at Sonatype
Press Releases
Media

Contact Us

$: DevZone |

Life is hard. Dependencies don't have to be.

Breaking news, security deep dives, developer culture and coffee from the stewards of Maven Central.

In Numbers

Our automated system has discovered a total of

108,232

packages that are malicious, suspicious, or proof of concept since 2019

We've helped take down

29,439

malicious packages from open registries and publicly disclosed them through our channels.

Last Updated: Mar 21, 2023

[New Live Series] Dev Chat with Dan Conn: Beware of Malware

Top 8 Malicious Attacks Recently Found On PyPI

Wicket Good Development headline image (hands on a keyboard)

Wicked Good Development Episode 29: White House Unveils New National Cybersecurity Strategy

From the Blog

Malware Monthly - February 2023

Wicket Good Development headline image (hands on a keyboard)

Wicked Good Development Episode 28: Simon Brown on Visualizing Software Architecture

How Stolen Information Stealers are Fueling an Underground Market

Meet an Open Source Developer - A.J. Brown

Meet an Open Source Developer - Lex Vorona

Wicket Good Development headline image (hands on a keyboard)

Wicked Good Development Episode 27: Build Breaking and More With ABN AMRO's Ingmar Vis

Meet an Open Source Developer - Allie Sierra

5 Tools to Automate SBOM Creation

MORE FROM DEVZONE >>

In Numbers

Our automated system has discovered a total of

108,232

packages that are malicious, suspicious, or proof of concept since 2019

We've helped take down

29,439

malicious packages from open registries and publicly disclosed them through our channels.

Last Updated: Mar 21, 2023

Now Available

READ THE REPORT

READ THE REPORT

Tweets by sonatypeDev

Stay In the Know

Sign up for the DevZone newsletter.

Have an awesome story, news tip, a suggestion to share? Drop our editorial team a note at devzone@sonatype.com

Secure your software supply chain

Explore Platform

Platform
- Overview
- Firewall
- Repository
- Lifecycle
- Integrations
- Pricing
Other Products

Solutions
- By Role
- By Industry

Community
- Free tools
- Resources

Partners
Customer Portal

Company
- About
- Careers
- Newsroom
- Investors
- Contact
- Press Kit
- Trust Center

Subscribe for all the latest software security news and events

Terms of Service
Privacy Policy
Modern Slavery Statement
Event Terms and Conditions
Do Not Sell My Personal Information

Copyright © 2008-present, Sonatype Inc. All rights reserved. Includes the third-party code listed here. Sonatype and Sonatype Nexus are trademarks of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation. All other trademarks are the property of their respective owners.