Manage risk in the tools you already use
Sonatype has you covered with 50+ languages and integrations across leading IDEs, source repositories, CI pipelines, and ticketing systems.
Tool integrations
OpenShift
Use the Sonatype platform to store and manage binaries, build artifacts, and Docker containers within your OpenShift environment.
Amazon Web Services
Manage and secure open source and third-party components in the cloud with Sonatype Nexus Repository and IQ Server.
Red Hat Clair**
Sonatype Lifecycle integrates with Red Hat Clair to evaluate application, runtime, and OS level vulnerabilities within IQ for a single view into container risk.
Sonatype Container
Helping your Development, Security, and Operations teams discover, continuously monitor, and fix container vulnerabilities during the entire container lifecycle.
PyCharm
Integrate Sonatype Nexus Repository Manager with PyCharm for faster Python development.
Eclipse
Empower developers with precise component intelligence directly within the Eclipse IDE.
IntelliJ IDEA
Empower developers with precise component intelligence directly within IntelliJ IDEA.
Microsoft Visual Studio
Empower developers with precise component intelligence directly within Microsoft Visual Studio.
VS Code*
Scans JavaScript, R, Ruby, GoLang, and PyPy (Python) projects for vulnerable third-party dependencies.
WebStorm
Get precise component intelligence for JavaScript/Node modules in WebStorm, the JS-focused IDE from JetBrains.
Jenkins
Shift security and quality practices left by automatically sending alerts or failing Jenkins builds when application components are out of compliance with your open source policies.
Atlassian Bamboo
Shift security and quality practices left by automatically sending alerts or failing Bamboo builds when application components are out of compliance with your open source policies.
GitLab
Our new Lifecycle integration with GitLab Ultimate lets you view vulnerability findings directly in your project’s Vulnerability Report and Dependency List.
Azure DevOps
Shift security and quality practices left by automatically sending alerts or failing Azure builds when application components are out of compliance with your open source policies.
CircleCI*
Publish components automatically from CircleCI to Nexus Repository with native orb integration.
Xebia Labs**
Identify the risk associated with open source components used within your applications and understand where those applications are deployed - QA, UAT, Production.
Chrome Extension
Identify the risk within a package before you even download it with our Chrome extension.
AuditJS
Scan JavaScript (Node.js inclusive) projects for vulnerable third-party dependencies.
Pants*
A Cargo subcommand that provides a bill of materials in a project and any vulnerabilities that are found on those dependencies.
Sherlock Trunks
A Gradle plugin that scans the dependencies of a Gradle project for vulnerabilities.
Micro Focus Fortify
Gain a 360-degree view of all your application security issues with integration to Fortify SSC and Fortify On-Demand.
ThreadFix**
View Sonatype Lifecycle data in the ThreadFix dashboard for a single view of application security issues.
GitHub
Sonatype Lifecycle pushes component intelligence into GitHub where developers can view and respond to policy violations directly in pull requests.
Atlassian Bitbucket
Sonatype Lifecycle pushes component intelligence into Bitbucket where developers can view and remediate policy violations with detailed Code Insights.
Azure DevOps
Sonatype Lifecycle integrates component intelligence into Azure DevOps where developers can remediate vulnerabilities and policy violations directly in pull requests.
JIRA
Auto-create Jira tickets when policy violations are triggered in Sonatype Lifecycle.
sbt
Resolve dependencies and deploy your artifacts and build information to Sonatype Nexus Repository.
Maven
Infuse your Maven builds with the most precise component intelligence and automatically fail builds based on policy violations, including violations found in transitive dependencies.
Gradle
Resolve dependencies and deploy your artifacts and build information to Sonatype Nexus Repository.
Language support
Name |
---|
(Conan) |
(Conan) |
Typescript |
(EPEL) |
Package support
via Community
“Nexus has shown our organization that security has to be built in. Security is not something that you bolt on. To be successful, it must be built in, from architecture to design, to coding and testing.”