惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

P
Privacy International News Feed
I
Intezer
T
Tenable Blog
S
Schneier on Security
Project Zero
Project Zero
G
GRAHAM CLULEY
酷 壳 – CoolShell
酷 壳 – CoolShell
小众软件
小众软件
Know Your Adversary
Know Your Adversary
博客园 - 司徒正美
The Cloudflare Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
N
News and Events Feed by Topic
博客园 - 叶小钗
宝玉的分享
宝玉的分享
L
LINUX DO - 热门话题
aimingoo的专栏
aimingoo的专栏
S
Secure Thoughts
Forbes - Security
Forbes - Security
T
The Exploit Database - CXSecurity.com
D
Darknet – Hacking Tools, Hacker News & Cyber Security
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
博客园 - 【当耐特】
罗磊的独立博客
IT之家
IT之家
H
Hacker News: Front Page
I
InfoQ
云风的 BLOG
云风的 BLOG
S
Security Affairs
M
MIT News - Artificial intelligence
GbyAI
GbyAI
Jina AI
Jina AI
Help Net Security
Help Net Security
Engineering at Meta
Engineering at Meta
大猫的无限游戏
大猫的无限游戏
Webroot Blog
Webroot Blog
L
Lohrmann on Cybersecurity
A
About on SuperTechFans
Attack and Defense Labs
Attack and Defense Labs
The Register - Security
The Register - Security
V
V2EX
G
Google Developers Blog
D
DataBreaches.Net
Apple Machine Learning Research
Apple Machine Learning Research
C
Cybersecurity and Infrastructure Security Agency CISA
J
Java Code Geeks
W
WeLiveSecurity
Cloudbric
Cloudbric
T
Tor Project blog

Press Releases

Sonatype Research Labs Marks 15 Years of Open Source Intelligence Sonatype Named a Leader in the 2026 Gartner® Magic Quadrant™ Sonatype Strengthens Leadership Team for AI-Driven Growth Sonatype Firewall Extends Malicious Package Protection Sonatype and Package Registry Leaders Unite on OS Sustainability Sonatype Releases Q1 2026 Open Source Malware Index AI Grounded in Intelligence Delivers Safer Outcomes | Sonatype Sonatype Research Reveals Open Source Malware Grows 75% Sonatype Introduces Guide for Secure Agentic Development CVE Program Leaves Vulnerabilities Unscored | Sonatype Sonatype Grand Opening of India Innovation Hub in Hyderabad Announcing 2025 Elevate Award Winners & Finalists | Sonatype Open Source Malware Surges in Q3 as Attackers Target Dependencies Sonatype Named Visionary in 2025 Gartner® Magic Quadrant™ for AST Sonatype Launches Nexus Repository Cloud in the AI Era | Sonatype
Sonatype Unveils Nexus One: An AI-Native DevSecOps Platform
2025-11-19 · via Press Releases

Unifying governance, automation, and open source security across the AI-powered software supply chain 


Fulton, Md. –
November 19, 2025 – Sonatype®, the leader in AI-driven DevSecOps, today announced the launch of Nexus One, a single, agentic software supply chain infrastructure unifying open source intelligence, governance, and automation across enterprise software development. Nexus One is the system of record for software artifacts, delivering real-time open source software (OSS) intelligence, proactive risk protection, and agentic automation for dependency management.

“With Nexus One, we’re bringing together Sonatype’s strengths into a cloud-first, developer-centric, and AI-native platform that helps our customers innovate securely in the era of gen AI,” said Bhagwat Swaroop, CEO of Sonatype. “Nexus One isn’t just part of the toolchain, it’s the control layer that enterprises depend on to build, govern, and secure software at scale. We’re redefining what a modern agentic DevSecOps platform can be: intelligent, unified, and future-ready.” 

As generative AI accelerates software pipelines, organizations face mounting challenges securing both human and machine-generated code that are primarily composed of open source components. Traditional governance tools can’t keep up especially while open source malware continues to increase in scale and sophistication

Nexus One is powered by the industry’s most comprehensive OSS intelligence, ensuring that every component and application is safe, compliant, and ready to scale. Designed to integrate seamlessly into developers’ workflows, Nexus One provides full-spectrum control across the software development lifecycle from component selection to deployment and continuous monitoring in-between. The platform connects the capabilities that matter most for secure, efficient development:

  • AI Visibility and Governance: Identifying, managing, and ensuring the safety of AI/ML models used in application development. 
  • Malware Defense: Continuous ML-driven behavioral analysis to detect and block malicious components.
  • Dependency Management and Remediation: Automates risk identification and compliance at scale.
  • SBOM Governance: Simplifies visibility and auditability across complex, multi-source codebases.
  • Secure Artifact Management and Workflow Automation: Sonatype Nexus Repository integrates seamlessly into CI/CD pipelines, developer tools, and cloud environments.

With the broadest visibility in the industry, Nexus One is built on more than 15 years of curated OSS intelligence, including proprietary security research and data sources such as Maven Central and the OSS Index, as well as AI-powered risk discovery and ML-driven analysis of more than 270 million open source components. Sonatype sees 70% more open source vulnerabilities than alternative sources, provides 10x faster insights than the National Vulnerability Database, and achieves 30% faster mean time to remediate compared to industry averages.  

Nexus One marks a new chapter in software governance where development and security share the same intelligence, automation, and visibility. By unifying open source and AI workflows, Sonatype gives teams the clarity to build faster with less rework and the confidence to ship securely. 

To learn more about Nexus One, visit http://www.sonatype.com/products/nexus-one-platform.

About Sonatype 

Sonatype is the leader in AI-driven DevSecOps. As the maintainers of Maven Central and creators of Nexus Repository, Sonatype has spent two decades pioneering how the world manages and secures open source software — making Sonatype the trusted authority for modern software supply chains. With unmatched open source visibility and a unified product suite built for modern software development, Sonatype gives enterprises the intelligence and automated governance they need to harness the full potential of open source and AI. Sonatype handles the complexity behind the scenes: guiding component and model selection, blocking harmful malicious code, automating dependency and vulnerability management, and ensuring faster, more reliable builds — so developers spend more time on innovation and less time on remediation and rework. Trusted by more than 15 million developers, Sonatype helps power secure, modern software development at nearly 2,000 global organizations including 70% of the Fortune 100. To learn more about Sonatype, please visit www.sonatype.com.