Name: Sonatype Open Source Community
Type: Organization
Bio: Community projects meant for the Sonatype Platform. Affiliated with Sonatype, but inclusive of work our community has done!
Location: Anywhere, The World
Blog: https://contribute.sonatype.com/
Sonatype Open Source Community's Projects
ahab is a tool to check for vulnerabilities in your apt, apk, or yum powered operating systems, powered by Sonatype OSS Index.
Identify known vulnerabilities in .NET NuGet dependencies
Audits an NPM package.json file to identify known vulnerabilities.
Dependency vulnerability auditor for PHP
Bug Bash
Dependency vulnerability auditor for Ruby
Audit C/C++ projects (make, cmake, command line, etc.)
A CircleCI orb for using Nancy to scan your Golang projects
Contributor License Agreement assistant (CLA assistant)
community-handbook.sonatype.com
Template Repository from which Sonatype Community Projects should be created
Helpful templates to open source your Sonatype project
A Webpack plugin which copies module sources to a separate directory
SAML SSO for Sonatype Nexus IQ
This repo has example CycloneDX XML-formatted SBOMs for popular components across multiple ecosystems, along with instructions in the README for building and generating the SBOMs. If you add or update components, commit them back to the repo.
References for deploying Nexus products.
Open-source, cross-platform, multi-purpose security auditing tool
Chocolatey package configuration for DevAudit
The question set used for the DevSecOps Community Survey
nancy wrapped up as a Docker image for execution in a pipeline or via an alias in a terminal
Sync'd fork for building Community ARM Docker Image of Sonatype IQ Server
Sync'd fork for building Community ARM Docker Image of Sonatype Nexus Repo 3