Fulton, Md., Nov. 19, 2025 (GLOBE NEWSWIRE) -- Sonatype®, the leader in AI-driven DevSecOps, today announced the launch of Nexus One, a single, agentic software supply chain infrastructure unifying open source intelligence, governance, and automation across enterprise software development. Nexus One is the system of record for software artifacts, delivering real-time open source software (OSS) intelligence, proactive risk protection, and agentic automation for dependency management.

“With Nexus One, we’re bringing together Sonatype’s strengths into a cloud-first, developer-centric, and AI-native platform that helps our customers innovate securely in the era of gen AI,” said Bhagwat Swaroop, CEO of Sonatype. “Nexus One isn’t just part of the toolchain, it’s the control layer that enterprises depend on to build, govern, and secure software at scale. We’re redefining what a modern agentic DevSecOps platform can be: intelligent, unified, and future-ready.” 

As generative AI accelerates software pipelines, organizations face mounting challenges securing both human and machine-generated code that are primarily composed of open source components. Traditional governance tools can’t keep up especially while open source malware continues to increase in scale and sophistication. 

Nexus One is powered by the industry’s most comprehensive OSS intelligence, ensuring that every component and application is safe, compliant, and ready to scale. Designed to integrate seamlessly into developers’ workflows, Nexus One provides full-spectrum control across the software development lifecycle from component selection to deployment and continuous monitoring in-between. The platform connects the capabilities that matter most for secure, efficient development:

AI Visibility and Governance: Identifying, managing, and ensuring the safety of AI/ML models used in application development.  Malware Defense: Continuous ML-driven behavioral analysis to detect and block malicious components. Dependency Management and Remediation: Automates risk identification and compliance at scale. SBOM Governance: Simplifies visibility and auditability across complex, multi-source codebases. Secure Artifact Management and Workflow Automation: Sonatype Nexus Repository integrates seamlessly into CI/CD pipelines, developer tools, and cloud environments.

With the broadest visibility in the industry, Nexus One is built on more than 15 years of curated OSS intelligence, including proprietary security research and data sources such as Maven Central and the OSS Index, as well as AI-powered risk discovery and ML-driven analysis of more than 270 million open source components. Sonatype sees 70% more open source vulnerabilities than alternative sources, provides 10x faster insights than the National Vulnerability Database, and achieves 30% faster mean time to remediate compared to industry averages.  

Nexus One marks a new chapter in software governance where development and security share the same intelligence, automation, and visibility. By unifying open source and AI workflows, Sonatype gives teams the clarity to build faster with less rework and the confidence to ship securely. 

To learn more about Nexus One, visit http://www.sonatype.com/products/nexus-one-platform.

About Sonatype 

Sonatype is the leader in AI-driven DevSecOps. As the maintainers of Maven Central and creators of Nexus Repository, Sonatype has spent two decades pioneering how the world manages and secures open source software — making Sonatype the trusted authority for modern software supply chains. With unmatched open source visibility and a unified product suite built for modern software development, Sonatype gives enterprises the intelligence and automated governance they need to harness the full potential of open source and AI. Sonatype handles the complexity behind the scenes: guiding component and model selection, blocking harmful malicious code, automating dependency and vulnerability management, and ensuring faster, more reliable builds — so developers spend more time on innovation and less time on remediation and rework. Trusted by more than 15 million developers, Sonatype helps power secure, modern software development at nearly 2,000 global organizations including 70% of the Fortune 100. To learn more about Sonatype, please visit www.sonatype.com.

Image: https://www.globenewswire.com/newsroom/ti?nf=OTU3ODI2MCM3MjcxNDQwIzUwMDEyODQxMg==

Image: https://ml.globenewswire.com/media/Y2M4MDA5Y2EtZWVjMS00MTBmLTk3N2UtOGJkNzJhMmQ1YmNhLTUwMDEyODQxMi0yMDI1LTExLTE5LWVu/tiny/Sonatype.png Megan Schmidt

Sonatype

[email protected]

Source: Sonatype