Sonatype Open Source Vulnerability, Governance and Security

Many Open Source libraries from sources such as Maven and NPM have security vulnerabilities. Sonatype’s Nexus platform prevents these risks through automated governance in your CI/CD pipeline and providing developers with up-to-date information about the libraries they are using early in the development process.


  • Advanced Binary Fingerprinting precisely identifies actual security defects.
  • Rapidly fix real bugs with step-by-step instructions.
  • Detailed information about security concerns right within developers IDEs
  • Release managers can control which libraries are used via policies


  • Leverage highest quality open source components
  • Reduce bugs and security breaches
  • Automatically identify open source risk
  • Release faster and with less risk
  • Introduce governance into your open source library choices
  • Automated governance for every phase of your CI/CD pipeline
  • Give developers the information needed to make informed choices


£175 a unit an hour

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

2 5 4 7 3 7 0 1 6 8 3 9 9 7 3


BDQ Dominic Bush
Telephone: +44 (0)844 8265 236


Planning service
How the planning service works
As a Sonatype partner, BDQ provides licenses, consultancy and support for Sonatype's products. We provide implementation, training and configuration servies, so that you can get the very best from Sonatype.
Planning service works with specific services
Hosting or software services the planning service works with


Training service provided
How the training service works
As part of a Sonatype implementation we deliver a package of training to ensure that users from Dev and Ops can get up and running quickly.
Training is tied to specific services
Services the training service works with

Setup and migration

Setup or migration service available
How the setup or migration service works
We can provide services to support users migrating from other SDLC products.
Setup or migration service is for specific cloud services
List of supported services

Quality assurance and performance testing

Quality assurance and performance testing service
How the quality assurance and performance testing works
Sonatype's Nexus platform puts automated governance into your CI/CD pipeline, identifying vulnerabilities in Open Source libraries from repositories such as Maven and NPM. It provides developers with the most up to date information about the libraries they are using and, by having this information early in the development lifecycle, risky code can be avoided.

Security testing

Security services
Security services type
  • Security risk management
  • Security testing
Certified security testers

Ongoing support

Ongoing support service
Types of service supported
Hosting or software provided by a third-party organisation
How the support service works
We provide first line support of Sonatype's products to ensure that your development organisation gets up and running successfully with the Nexus platform.

Service scope

Service constraints
In order for the service to operate correctly, Sonatype's software must be configured following their best practice recommendations. BDQ will work with your IT and Development teams to ensure that this configuration proceeds smoothly.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Monday - Friday 9am - 5pm. Our response time is between 4 hours and 2 days depending on the severity of the issue. Out of hours support is available at additional cost.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Web chat support is available via Microsoft Teams or Zoom.
Web chat accessibility testing
Support levels
We provide on-demand support to customers requiring assistance, via Cloud Support Engineers and Technical Account Managers. Please see our pricing document for more detail about the costs associated with our different levels of support.


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications

Social Value



BDQ operates a modern, inclusive set of working practices, providing a supportive working environment that takes account of the needs of individual employees, whether they might require flexible hours, mentoring and support, or even company loans to assist with relocations etc. Pay rises are awarded annually at or above inflation to ensure pay keeps pace with the cost of living, and the annual review process is also used to seek opportunities to provide additional help and support to employees.

Many of the Cloud-based services we resell and support have extensive collaboration features, providing various communication channels to promote productivity and flexible working. BDQ staff use many of these services in their day-to-day work, ensuring adoption across the organisation and familiarity with the services to better promote best practices with customers.

The use of these collaboration tools supports flexible working and work from home policies and maintains the social interaction of the office, despite disparate working locations, that is so essential to mental health and wellbeing. These benefits are felt among BDQ staff and the staff of our customers, and in the interactions between them.

Training, including the opportunity to achieve certifications and accreditations in the services, is provided to all staff, and the benefit of this knowledge is transferred to customers own staff through the various training courses and workshops that BDQ provides.

Retrospectives are carried out at the end of each major assignment to seek internal feedback and learn lessons, giving employees a stake in how the business is run. These sessions improve not only BDQ’s internal processes and procedures, but may also lead to significant business decisions, such as a recent Board decision to offer additional discounts to charities seeking our services.

Together, these practices promote a collaborative, consultative working culture within and between BDQ and our customers.


£175 a unit an hour
Discount for educational organisations

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.