Sonatype is excited to announce the release of DepShield, an app powered by OSS Index to identify and remediate vulnerabilities in GitHub projects. Install it on your public or private Maven (Java) and npm (Node.js) repositories to get actionable OSS Index data directly inside your GitHub project.

Sonatype OSS Index

OSS Index is a free service used by developers to identify open source dependencies and determine whether there are any known, publicly disclosed vulnerabilities.

OSS Index is based on vulnerability data derived from public sources and does not include human-curated intelligence or expert remediation guidance.

Software development teams with requirements for fully automated open source governance powered by precise, curated, and actionable intelligence should investigate the Nexus Platform.


Identify open source security vulnerabilities across a wide range of components.


Integrate open source vulnerability information across your development toolchain with pre-built tools and applications.

Nexus Platform

Automate open source governance across your entire development lifecycle at scale with precise, human-curated, actionable intelligence. The Nexus Platform from Sonatype enables you to release faster while controlling open source risk.

Stop bad parts at the front door.

Continuously analyze quality and security.

Organize, store, and distribute parts.