Sonatype Nexus IQ Evaluation - Scan Open Source Repositories for known Vulnerabilities.
This Chrome Extension works with Sonatype Nexus Lifecycle to inspect an OSS package before you download it. The plugin requires a valid Sonatype Nexus Lifecycle instance. You will be prompted to connect to your Sonatype Nexus IQ Server during setup. Note: Supported by Sonatype.
The extension works with the following package managers and their websites.
1. .Net – NuGet – https://www.nuget.org/
2. Alpine – Linux – https://pkgs.alpinelinux.org/
3. Chocolatey – Windows – https://community.chocolatey.org/
4. Clojars – Clojure – https://clojars.org/
5. CocoaPods – iOS – https://cocoapods.org/
6. Conan – C/C++ – https://conan.io/center/
7. Conda – Python – https://anaconda.org/anaconda/
8. Debian – Linux – https://packages.debian.org/
9. Debian – Linux – https://tracker.debian.org/pkg/
10. GitHub – releases – https://github.com/*/releases/tag/*
11. Golang – Go – https://pkg.go.dev/
12. Java – Maven – https://mvnrepository.com/
13. Java – Maven – https://repo.maven.apache.org/
14. Java – Maven – https://repo.spring.io/list/
15. Java – Maven – https://repo1.maven.org/
16. Java – Maven – https://search.maven.org/
17. JavaScript/Node – npm – https://www.npmjs.com/
18. PHP – Packagist/composer – https://packagist.org/
19. Python – PyPI – https://pypi.org/
20. R – CRAN – https://cran.r-project.org/
21. Ruby – RubyGems – https://rubygems.org/
22. Rust – Crates – https://crates.io/
23. Nexus Proxy Repos – supported repository formats are maven2, npm, rubygems and nuget e.g. http://nexus:8081/#browse/browse:maven-central:commons-collections%2Fcommons-collections%2F3.2.1
24. Artifactory Proxy Repos – supported repository formats are maven2 and npm e.g. https://artifactory-server/webapp/#/artifacts/browse/tree/General/npmjs-cache/parseurl/-/parseurl-1.0.1.tgz
25. Artifactory Repo lists – e.g. https://repo.spring.io/list/jcenter-cache/org/cloudfoundry/cf-maven-plugin/1.1.3/
Latest reviews
- (2020-07-22) Neil Schloth: A great tool for analyzing OSS components on the web for high-risk security vulnerabilities prior to downloading for use. Prevent mistakes early on in the SDLC by alerting on insecure packages before they are built into application code.