惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
Check Point Blog
GbyAI
GbyAI
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
U
Unit 42
美团技术团队
NISL@THU
NISL@THU
C
Cisco Blogs
SecWiki News
SecWiki News
N
Netflix TechBlog - Medium
Forbes - Security
Forbes - Security
Cloudbric
Cloudbric
雷峰网
雷峰网
T
Tailwind CSS Blog
博客园 - 司徒正美
The Register - Security
The Register - Security
L
LangChain Blog
S
Security Affairs
Hacker News - Newest:
Hacker News - Newest: "LLM"
B
Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
T
Threat Research - Cisco Blogs
I
InfoQ
S
Schneier on Security
L
Lohrmann on Cybersecurity
量子位
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Martin Fowler
Martin Fowler
Schneier on Security
Schneier on Security
F
Fortinet All Blogs
TaoSecurity Blog
TaoSecurity Blog
K
Kaspersky official blog
Google DeepMind News
Google DeepMind News
Cisco Talos Blog
Cisco Talos Blog
PCI Perspectives
PCI Perspectives
Attack and Defense Labs
Attack and Defense Labs
WordPress大学
WordPress大学
Microsoft Azure Blog
Microsoft Azure Blog
H
Help Net Security
Project Zero
Project Zero
The GitHub Blog
The GitHub Blog
D
Docker
N
News | PayPal Newsroom
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
H
Hacker News: Front Page
云风的 BLOG
云风的 BLOG
Microsoft Security Blog
Microsoft Security Blog
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
博客园 - 聂微东
Webroot Blog
Webroot Blog
MongoDB | Blog
MongoDB | Blog

Press Releases

Sonatype Research Labs Marks 15 Years of Open Source Intelligence Sonatype Named a Leader in the 2026 Gartner® Magic Quadrant™ Sonatype Strengthens Leadership Team for AI-Driven Growth Sonatype Firewall Extends Malicious Package Protection Sonatype and Package Registry Leaders Unite on OS Sustainability Sonatype Releases Q1 2026 Open Source Malware Index AI Grounded in Intelligence Delivers Safer Outcomes | Sonatype Sonatype Research Reveals Open Source Malware Grows 75% Sonatype Introduces Guide for Secure Agentic Development CVE Program Leaves Vulnerabilities Unscored | Sonatype Sonatype Grand Opening of India Innovation Hub in Hyderabad Announcing 2025 Elevate Award Winners & Finalists | Sonatype Open Source Malware Surges in Q3 as Attackers Target Dependencies Sonatype Named Visionary in 2025 Gartner® Magic Quadrant™ for AST Sonatype Launches Nexus Repository Cloud in the AI Era | Sonatype
Sonatype Unveils Nexus One: An AI-Native DevSecOps Platform
2025-11-19 · via Press Releases

Unifying governance, automation, and open source security across the AI-powered software supply chain 


Fulton, Md. –
November 19, 2025 – Sonatype®, the leader in AI-driven DevSecOps, today announced the launch of Nexus One, a single, agentic software supply chain infrastructure unifying open source intelligence, governance, and automation across enterprise software development. Nexus One is the system of record for software artifacts, delivering real-time open source software (OSS) intelligence, proactive risk protection, and agentic automation for dependency management.

“With Nexus One, we’re bringing together Sonatype’s strengths into a cloud-first, developer-centric, and AI-native platform that helps our customers innovate securely in the era of gen AI,” said Bhagwat Swaroop, CEO of Sonatype. “Nexus One isn’t just part of the toolchain, it’s the control layer that enterprises depend on to build, govern, and secure software at scale. We’re redefining what a modern agentic DevSecOps platform can be: intelligent, unified, and future-ready.” 

As generative AI accelerates software pipelines, organizations face mounting challenges securing both human and machine-generated code that are primarily composed of open source components. Traditional governance tools can’t keep up especially while open source malware continues to increase in scale and sophistication

Nexus One is powered by the industry’s most comprehensive OSS intelligence, ensuring that every component and application is safe, compliant, and ready to scale. Designed to integrate seamlessly into developers’ workflows, Nexus One provides full-spectrum control across the software development lifecycle from component selection to deployment and continuous monitoring in-between. The platform connects the capabilities that matter most for secure, efficient development:

  • AI Visibility and Governance: Identifying, managing, and ensuring the safety of AI/ML models used in application development. 
  • Malware Defense: Continuous ML-driven behavioral analysis to detect and block malicious components.
  • Dependency Management and Remediation: Automates risk identification and compliance at scale.
  • SBOM Governance: Simplifies visibility and auditability across complex, multi-source codebases.
  • Secure Artifact Management and Workflow Automation: Sonatype Nexus Repository integrates seamlessly into CI/CD pipelines, developer tools, and cloud environments.

With the broadest visibility in the industry, Nexus One is built on more than 15 years of curated OSS intelligence, including proprietary security research and data sources such as Maven Central and the OSS Index, as well as AI-powered risk discovery and ML-driven analysis of more than 270 million open source components. Sonatype sees 70% more open source vulnerabilities than alternative sources, provides 10x faster insights than the National Vulnerability Database, and achieves 30% faster mean time to remediate compared to industry averages.  

Nexus One marks a new chapter in software governance where development and security share the same intelligence, automation, and visibility. By unifying open source and AI workflows, Sonatype gives teams the clarity to build faster with less rework and the confidence to ship securely. 

To learn more about Nexus One, visit http://www.sonatype.com/products/nexus-one-platform.

About Sonatype 

Sonatype is the leader in AI-driven DevSecOps. As the maintainers of Maven Central and creators of Nexus Repository, Sonatype has spent two decades pioneering how the world manages and secures open source software — making Sonatype the trusted authority for modern software supply chains. With unmatched open source visibility and a unified product suite built for modern software development, Sonatype gives enterprises the intelligence and automated governance they need to harness the full potential of open source and AI. Sonatype handles the complexity behind the scenes: guiding component and model selection, blocking harmful malicious code, automating dependency and vulnerability management, and ensuring faster, more reliable builds — so developers spend more time on innovation and less time on remediation and rework. Trusted by more than 15 million developers, Sonatype helps power secure, modern software development at nearly 2,000 global organizations including 70% of the Fortune 100. To learn more about Sonatype, please visit www.sonatype.com.