Nexus Lifecycle

Eliminate open source risk across the entire SDLC.

It’s no secret. Developers use open source ­— in fact, 85% of a modern application is comprised of open source components and unfortunately one in ten open source component downloads contain a known security vulnerability. Given this inherent risk, how do modern software teams select the best components, govern open source usage, and still deliver at DevOps speed? With automated open source governance.

Nexus Lifecycle empowers developers and security professionals to make safer open source choices across the SDLC, ensuring organizations continue to innovate with less risk.

Empower developers to select safer components. Lifecycle’s chrome browser extension lets developers know if an open source component is vulnerable when selecting from public repositories.

Control open source risk without switching tools. We integrate with the most popular pipeline and development tools you’re already using, so you don’t have to waste any of your time adapting to new tools or processes.

Speed things up with instant feedback in source code management. Integrations with GitHub, GitLab, and Atlassian Bitbucket automatically generate pull requests for components that violate open source policies.

Lifecycle compares the difference on any active branch and, if bad components or vulnerabilities will be introduced in a pull/merge request, it highlights the exact line(s) of code that brought them in, along with detailed recommendations on how to fix the issues.

Dive deeper when you want more information. Sometimes you don’t want to go the automated remediation route — we get it. If you choose not to rely on our policy engine to make decisions automatically, we give you all the knowledge you need to make the most informed decision to efficiently resolve any open source component or dependency issue manually.

Compare and evaluate components using our enhanced comparison functionality to better identify ideal component versions for your project.

Automatically generate a Software Bill of Materials. Verify policy compliance by knowing what components are used and where. In just minutes generate a precise software BoM for each app to identify every open source component along with its dependencies.

Enforce open source policies without sacrificing speed. Create custom security, license, and architectural policies based on application type or organization and contextually enforce those policies across every stage of the software development life cycle.

Key Benefits of Nexus Lifecycle

Screen Shot 2022-10-24 at 14.39.03

Advanced Reporting

Generate a Software Bill of Materials for each app to identify every open source component and its dependencies along with additional reports to show risk reduction and mean time to resolution trends.

Screen Shot 2022-10-24 at 14.39.05

The Freedom of Flexible

Policies Lifecycle gives you full control over your software supply chain and allows you to define security, license, and architectural policies that work best for your organization and teams.

Screen Shot 2022-10-24 at 14.39.09

No Context Switching

Nexus Lifecycle integrates with the most popular pipeline and development tools you’re already using and gives instant feedback in GitHub, GitLab, and Atlassian Bitbucket to automatically generate pull requests.

We distribute Sonatype products and
provide professional services