Sonatype Platform Browser Extension

Shift Security Left with the Sonatype Platform Browser Extension - Scan Open Source Repositories for known Vulnerabilities.

Sonatype Platform Browser Extension - Scan Open Source Repositories

Sonatype Platform Browser Extension is a Chromium browser extension that works with the Sonatype Platform to empower Developers to make better choices earlier in the Software Development Lifecycle. Connect to your Organization's Sonatype Lifecycle Server and get instant risk insight while browsing public Open Source Registries.

Download

Extension stats

By: https://sonatype-nexus-community.github.io/sonatype-platform-browser-extension

Users: 2,000+

Rating: 5.00

(12)

Version: 2.21.0 (Last updated: 2024-11-26)

Creation date: 2023-07-10

Risk impact: Moderate risk impact

Risk likelihood:

Moderate risk likelihood

Manifest version: 3

Permissions:

activeTab
declarativeContent
background
scripting
storage
tabs

Size: 5.33M

Email: co*****@sonatype.com

URLs: Website ,Privacy policy

Ranking

# 21,013 ▲ 80

Other rankings

#3258 in Developer Tools ▲ 4

#11 in platform keyword 11 ▲ 1

#31 in browser extension keyword 76 ▼ 4

#107 in browser keyword 83

#162 in chrome browser keyword 65 ▼ 7

Upgrade to see more rankings

Other platforms

Not available on Android

Not available on Firefox

Not available on Edge

Want to check extension ranking and stats more quickly for other Chrome extensions? Install Chrome-Stats extension to view Chrome-Stats data as you browse the Chrome Web Store.

Extension summary

Analyze keywords

This extension for Chromium browsers works with the Sonatype Platform to empower Developers to make better choices earlier in the Software Development Lifecycle.

Connect this extension to your Organization's Sonatype Lifecycle Server and get instant risk insight as you browse public Open Source Registries such as Maven Central (for Java), NPM (for Javascript), PyPi (for Python) and many many more.

This extension supersedes our previous extension (Nexus IQ Chrome Extension) which is being retired by the end of 2023.

User reviews

These summaries are automatically generated weekly using AI based on recent user reviews. Chrome Web Store does not verify user reviews, so some user reviews may be inaccurate, spammy, or outdated.

Pros

Helps identify high-risk security vulnerabilities in OSS components before downloading
Provides insights into security and legal implications of components
Facilitates early decision-making in the software development lifecycle (SDLC)
Useful for researching open source components being considered for applications

Cons

Most mentioned

Useful plugin for analyzing OSS components
Prevents mistakes early in the SDLC
Supports shifting left approach in development

User reviews

I use this all the time. As developers are initially considering which component to use in their application, they get information while looking at the component in the OSS repository without doing anything. Awesome for shifting left selecting the best component rather than remediating downstream!

Chris Wolters, 2024-05-09

A great tool for analyzing OSS components on the web for high-risk security vulnerabilities prior to downloading for use. Prevent mistakes early on in the SDLC by alerting on insecure packages before they are built in to application code.