Sonatype has launched Nexus One, an AI-native DevSecOps platform designed to strengthen open source security and governance.
Sonatype has introduced Nexus One, an AI-native and agentic DevSecOps platform built to unify open source intelligence, governance, and automation across enterprise software development. Positioned as a single, cloud-first software supply chain infrastructure, Nexus One acts as the system of record for software artifacts, delivering real-time OSS intelligence, proactive risk protection, and automated dependency management.
Fuelled by more than 15 years of curated open source security research, the platform draws on Sonatype-operated data sources including Maven Central and OSS Index, alongside AI-powered risk discovery and ML-driven analysis. According to Sonatype, its intelligence detects 70 per cent more open source vulnerabilities than alternative sources, surfaces findings ten times faster than the National Vulnerability Database, and enables 30 per cent faster remediation.
Bhagwat Swaroop, CEO of Sonatype, said: “With Nexus One, we’re bringing together Sonatype’s strengths into a cloud-first, developer-centric, and AI-native platform that helps our customers innovate securely in the era of gen AI. Nexus One isn’t just part of the toolchain, it’s the control layer that enterprises depend on to build, govern, and secure software at scale. We’re redefining what a modern agentic DevSecOps platform can be: intelligent, unified, and future-ready.”
The launch comes at a time when generative AI is accelerating the production of both human-generated and machine-generated code, much of it reliant on open source components. Traditional governance systems are struggling to match the rising sophistication of open source malware.
Nexus One addresses these pressures with capabilities spanning AI visibility and governance, ML-driven malware defence, automated dependency remediation, SBOM governance, and secure artifact management. Built on intelligence covering more than 270 million open source components, the platform is intended to provide control across the full lifecycle, from component selection through deployment to continuous monitoring, with the aim of keeping applications safe, compliant, and scalable.