Audience
Developers
About Nexus Auditor
Know what production apps are made of. Nexus Auditor automatically generates a software bill of materials to identify open source components used within 3rd party or legacy applications. Get a complete list of open source components included within your app to quickly identify components that violate your open source policies.
Nexus Lifecycle
Continuously secure your entire software supply chain. With a Chrome browser extension, developers know if an open source component is vulnerable when selecting from public repositories. With integration to the most popular IDEs, developers can select the best components based on real-time intelligence and move to an approved version with one click. Nexus Lifecycle integrates with Eclipse, IntelliJ, and Visual Studio. Nexus Lifecycle integrates with GitHub, GitLab, and Atlassian Bitbucket to automatically generate pull requests for components that violate open source policies. Developers can easily see what versions they should use in order to fix violations — no more guessing what version to upgrade to. Development teams can trust that the PR is accurate because only Nexus Lifecycle has the precision and accuracy from Nexus Intelligence to eliminate the noise found in other automated dependency management solutions.
FossID
Software Composition Analysis (SCA)
FossID Workbench enables precise identification of open source components and vulnerabilities. It integrates into software development cycles, providing license recognition, proactive security checks, and detailed compliance reporting. FossID Workbench is available across various industries and helps to ensure that organizations can confidently meet their legal, security, and operational needs in open source software management.
Comprehensive Scanning
Creates a thorough and complete software bill of materials (SBOM) that catalogs all open source in use, regardless of how it made its way into the codebase.
Detailed Reporting
Ensures distribution compliance by generating reports, notices files, and copyright statements.
Integration & Extensibility
Supports custom workflows, administrative tasks, report generation, and more through the API.
Revenera SCA
Take control of your open source software management.
Empower your organization to manage open source software (OSS) and third-party components. FlexNet Code Insight helps development, legal and security teams to reduce open source security risk and manage license compliance with an end-to-end system.
FlexNet Code Insight is a single integrated solution for open source license compliance and security. Find vulnerabilities and remediate associated risk while you build your products and during their entire lifecycle. Manage open source license compliance, add automation to your processes, and implement a formal OSS strategy that balances business benefits and risk management. Integrate with build tools, CI/CD and SCM tools, artifact repositories, external repositories or build your own integrations using the FlexNet Code Insight REST API framework to make code scanning easy and effective.
CycloneDX
OWASP CycloneDX is a lightweight Software Bill of Materials (SBOM) standard designed for use in application security contexts and supply chain component analysis. Strategic direction and maintenance of the specification are managed by the CycloneDX Core working group, with origins in the OWASP community. A complete and accurate inventory of all first-party and third-party components is essential for risk identification. BOMs should ideally contain all direct and transitive components and the dependency relationships between them. Adopting CycloneDX allows organizations to quickly meet these minimum requirements and mature into using more sophisticated use cases over time. CycloneDX is capable of achieving all SBOM requirements defined in the OWASP Software Component Verification Standard (SCVS).
Integrations
Company Information
Sonatype
Founded: 2008
United States
www.sonatype.com/nexus/auditor
Product Details
Platforms Supported
SaaS