An Intellyx Brain Candy Brief

Every piece of open source software actually consists of hundreds or thousands of different components. Most commercial software products also depend upon such open source libraries under the covers as well.

Making sure that an organization maintains the current version of every such component is a herculean task. And even one out-of-date component can lead to a massive breach.

Sonatype addresses this problem by automating open source governance with its Nexus open source component repository.

Sonatype automates vulnerability management and governance, helping organizations manage the thousands of open source components they depend upon to keep their companies running and providing remediation guidance to developers.

The 2017 Equifax breach, where an out-of-date version of the open source Struts framework led to the theft of millions of records, is a prime example of the sort of problem Sonatype can mitigate.

The company also maintains the Maven Central repository of open source components as well as open source and commercial versions of Nexus.

Copyright © Intellyx LLC. Intellyx publishes the Agile Digital Transformation Roadmap poster, advises companies on their digital transformation initiatives, and helps vendors communicate their agility stories. As of the time of writing, none of the organizations mentioned in this article are Intellyx customers. To be considered for a Brain Candy article, email us at

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to our Cortex & Brain Candy Newsletters!

Thank you for reading Intellyx thought leadership!

Please sign up for our biweekly Cortex and Brain Candy newsletters.

The Cortex features thought leadership on Agile Digital Transformation topics, and Brain Candy highlights disruptive vendors in enterprise IT.

We won't spam you and you can unsubscribe at any time.