Sonatype Announces New Hassle-Free Path Toward Secure Software Development


Nexus Pro CLM Edition defines and enforces component policies in the software build and release process.

Nexus Pro CLM Edition Component Risk & Policy Management

Nexus Pro CLM Edition provides visibility into component risks and allows you to define and enforce policies for release staging and promotion.

“Having policy management built right into the tools developers use every day makes security a habit, not a hassle.”

Sonatype, the leader in Component Lifecycle Management (CLM), today announced the launch of Nexus Pro CLM Edition, an enhanced version of its market-leading Nexus Pro repository manager that lets users define and enforce component policies during software development. Improved policy management helps organizations reduce security and license risk. Nexus Pro CLM Edition gives greater control over component usage and is an important first step toward complete component lifecycle management.

With Nexus Pro CLM Edition, security, licensing and architecture policies are defined once and enforced automatically in the staging and release process. Modern applications are built largely from a common set of building blocks, most of them open source components. Although these components can be downloaded from many sources, the majority come from the Central Repository, which holds more than 400,000 individual components that make their way into an even greater number of custom and open source applications and frameworks. Many of these are the foundational elements of today's enterprise applications. According to industry studies*, 80 percent of all applications are comprised of components and 90 percent of component repositories contain severe vulnerabilities.

“Many organizations either don’t have policies or have difficulty enforcing them. Nexus Pro CLM Edition addresses both of these challenges head-on,” says Wayne Jackson, CEO of Sonatype. “Agile, component-based development requires the proper balance of automation and human effort. Humans should only have to define policies and manage exceptions; machines should automate the enforcement. Having policy management built right into the tools developers use every day makes security a habit, not a hassle.”

Nexus Pro CLM Edition gives Nexus Pro users an easy way to explore some of the more robust governance and security features of Sonatype’s complete Component Lifecycle Management (CLM) solution. Nexus Pro provides the foundation for storing, managing and sharing components. Nexus Pro CLM Edition adds the capability to prevent flawed components from making their way into production. Sonatype’s full CLM solution extends component governance beyond the Nexus Pro repository to the entire lifecycle, including the IDE and the CI server.

“Nexus Pro CLM Edition is a stepping stone toward complete component lifecycle management,” says Jackson. “Our goal is to help organizations enhance software security at whatever pace is right for them. Nexus Pro CLM Edition may be the best start for some, while complete CLM is best for others such as Bosch Software Innovations.”

“At Bosch Software Innovations, we are dedicated to delivering high quality software products only. Open source software has become an important addition to our in-house software development. Sonatype CLM makes it easy for us to use the right components, to avoid security and licensing risks, to comply with our policies, and do it all in a way that is respectful of the open source community,” said Steffen Evers, Open Source Officer at Bosch Software Innovations GmbH.

Sonatype’s Nexus repository managers are used by 20,000 organizations, representing 70 percent of the repository manager market. Nexus Pro CLM Edition is a foundational step on the path toward full component lifecycle management. The Sonatype CLM family of products enables organizations to accurately identify and analyze component usage, govern the entire software lifecycle, and proactively fix flawed components.

For more information about Sonatype’s Nexus Pro CLM Edition, please visit To learn more about Sonatype CLM please visit

About Sonatype
Sonatype is leading the component revolution. The company’s innovative Component Lifecycle Management (CLM) products enable organizations to realize the promise of agile, component-based software development while avoiding security, quality and licensing risks. Sonatype operates the Central Repository, the industry's primary source for open-source components, serving more than eight billion requests per year from more than 70,000 organizations. The company has been a pioneer in component-based software development since its founding by Jason van Zyl, the creator of the Apache Maven build management system and the Sonatype Central Repository. Since that time, Sonatype has been a leader in core open-source software development ecosystem projects used by more than nine million developers including Nexus, m2eclipse, and Hudson. Sonatype is privately held with investments from New Enterprise Associates (NEA), Accel Partners, Bay Partners, Hummer Winblad Venture Partners and Morgenthaler Ventures. Visit: or follow Sonatype on Twitter @SonatypeCLM.

Media Contacts:
Julie McHenry
650-560-8030 office
650-504-6655 cell

Karen Gardner
301-684-8080 x143 office
703-851-7872 cell

* Based on an analysis of the Central Repository and 1000+ Repository and Application Healthcheck Risk Assessments.
