Alternatives to Sonatype Nexus Repository
Compare Sonatype Nexus Repository alternatives for your business or organization using the curated list below. SourceForge ranks the best alternatives to Sonatype Nexus Repository in 2026. Compare features, ratings, user reviews, pricing, and more from Sonatype Nexus Repository competitors and alternatives in order to make an informed decision for your business.
-
1
GitLab
GitLab
GitLab is a complete DevOps platform. With GitLab, you get a complete CI/CD toolchain out-of-the-box. One interface. One conversation. One permission model. GitLab is a complete DevOps platform, delivered as a single application, fundamentally changing the way Development, Security, and Ops teams collaborate. GitLab helps teams accelerate software delivery from weeks to minutes, reduce development costs, and reduce the risk of application vulnerabilities while increasing developer productivity. Source code management enables coordination, sharing and collaboration across the entire software development team. Track and merge branches, audit changes and enable concurrent work, to accelerate software delivery. Review code, discuss changes, share knowledge, and identify defects in code among distributed teams via asynchronous review and commenting. Automate, track and report code reviews.Starting Price: $29 per user per month -
2
QVscribe
QRA
QVscribe, QRA's flagship product, unifies stakeholders by ensuring clear, concise artifacts. It automatically evaluates requirements, identifies risks, and guides engineers to address them. QVscribe simplifies artifact management by eliminating errors and verifying compliance with quality and industry standards. QVscribe Features: Glossary Integration: QVscribe now adds a fourth dimension by ensuring consistency across teams using different authoring tools. Term definitions appear alongside Quality Alerts, Warnings, and EARS Conformance checks within the project context. Customizable Configurations: Tailor QVscribe to meet specific verification needs for requirements, including business and system documents. This flexibility helps identify issues early before estimates or development progress. Integrated Guidance: QVscribe offers real-time recommendations during the editing process, helping authors effortlessly correct problem requirements and improve their quality. -
3
GitGuardian
GitGuardian
GitGuardian is an end-to-end NHI security platform that empowers software-driven organizations to enhance their Non-Human Identity (NHI) security and comply with industry standards. With attackers increasingly targeting NHIs, such as service accounts and applications, GitGuardian integrates Secrets Security and NHI Governance. This dual approach enables the detection of compromised secrets across your dev environments while also managing non human identities and their secrets lifecycle. The platform supports over 450+ types of secrets, offers public monitoring for leaked data, and deploys honeytokens for added defense. Trusted by over 600,000 developers, GitGuardian is the choice of leading organizations like Snowflake, ING, BASF and Bouygues Telecom for robust secrets protection.Starting Price: $0 -
4
Revenera SCA
Revenera
Take control of your open source software management. Empower your organization to manage open source software (OSS) and third-party components. FlexNet Code Insight helps development, legal and security teams to reduce open source security risk and manage license compliance with an end-to-end system. FlexNet Code Insight is a single integrated solution for open source license compliance and security. Find vulnerabilities and remediate associated risk while you build your products and during their entire lifecycle. Manage open source license compliance, add automation to your processes, and implement a formal OSS strategy that balances business benefits and risk management. Integrate with build tools, CI/CD and SCM tools, artifact repositories, external repositories or build your own integrations using the FlexNet Code Insight REST API framework to make code scanning easy and effective. -
5
LinearB
LinearB
We correlate and reconstruct Git, project and release data to provide real-time project insights and team metrics with zero manual updates or developer interruptions. LinearB’s Software Delivery Intelligence platform analyzes hundreds of signals every minute from your Git and project systems to highlight where you can do the most good for your team. Software Delivery Intelligence helps dev teams continuously accelerate delivery by correlating development pipeline data – code, git, projects, CI/CD – to provide visibility, context and workflow automation for every member of the team.Starting Price: $15 per dev per month -
6
JFrog Artifactory
JFrog
The Industry Standard Universal Binary Repository Manager. Supports all major package types (over 27 and growing) such as Maven, npm, Python, NuGet, Gradle, Go, and Helm including Kubernetes and Docker as well as integration with leading CI servers and DevOps tools that you already use. Additional functionalities include: - High Availability that scales to infinity with active/active clustering of your DevOps environment and scales as business grows - On-Prem, Cloud, Hybrid, or Multi-Cloud Solution - De Facto Kubernetes Registry managing application packages, operating system’s component dependencies, open source libraries, Docker containers, and Helm charts with full visibility of all dependencies. Compatible with a growing list of Kubernetes cluster providers. -
7
Jira
Atlassian
Jira is the only project management tool you need to plan and track work across every team. Jira by Atlassian is the #1 software development tool for teams planning and building great products. Trusted by thousands of teams, Jira offers access to a wide range of tools for planning, tracking, and releasing world-class software, capturing and organizing issues, assigning work, and following team activity. It also integrates with leading developer tools for end-to-end traceability. From short projects, to large cross-functional programs, Jira helps break big ideas down into achievable steps. Organize work, create milestones, map dependencies and more. Link work to goals so everyone can see how their work contributes to company objectives and stay aligned to what’s important. Your next move, suggested by AI. Atlassian Intelligence takes your big ideas and automatically suggests the tasks to help get it done.Starting Price: Free -
8
Docker
Docker
Docker takes away repetitive, mundane configuration tasks and is used throughout the development lifecycle for fast, easy and portable application development, desktop and cloud. Docker’s comprehensive end-to-end platform includes UIs, CLIs, APIs and security that are engineered to work together across the entire application delivery lifecycle. Get a head start on your coding by leveraging Docker images to efficiently develop your own unique applications on Windows and Mac. Create your multi-container application using Docker Compose. Integrate with your favorite tools throughout your development pipeline, Docker works with all development tools you use including VS Code, CircleCI and GitHub. Package applications as portable container images to run in any environment consistently from on-premises Kubernetes to AWS ECS, Azure ACI, Google GKE and more. Leverage Docker Trusted Content, including Docker Official Images and images from Docker Verified Publishers.Starting Price: $7 per month -
9
JFrog
JFrog
Fully automated DevOps platform for distributing trusted software releases from code to production. Onboard DevOps projects with users, resources and permissions for faster deployment frequency. Fearlessly update with proactive identification of open source vulnerabilities and license compliance violations. Achieve zero downtime across your DevOps pipeline with High Availability and active/active clustering for your enterprise. Control your DevOps environment with out-of-the-box native and ecosystem integrations. Enterprise ready with choice of on-prem, cloud, multi-cloud or hybrid deployments that scale as you grow. Ensure speed, reliability and security of IoT software updates and device management at scale. Create new DevOps projects in minutes and easily onboard team members, resources and storage quotas to get coding faster.Starting Price: $98 per month -
10
MyGet
MyGet
The Secure Universal Package Manager. Continuously govern and audit all packages in your DevOps lifecycle. Thousands of teams worldwide trust MyGet with their package management and governance. Accelerate your software team with cloud package management, robust security controls and easy continuous integration build services. MyGet is a Universal Package Manager that integrates with your existing source code ecosystem and enables end-to-end package management. Centralized package management delivers consistency and governance to your DevOps workflow. MyGet real-time software license detection tracks your teams’ package usage and detects dependencies across all of your packages. Customized usage policies ensure your teams are only using approved packages while reporting vulnerabilities and outdated packages early in your software build and release cycles.Starting Price: $15 per month -
11
Mirantis Secure Registry
Mirantis
Mirantis Secure Registry (formerly Docker Trusted Registry) provides an enterprise grade container registry solution that can be easily integrated to provide the core of an effective secure software supply chain. Enterprise-grade security Centralize control for container images: Store, share, and manage images from a secure docker registry under your control, enabling developers to use and run only approved images. Protect and verify: Scan images against a continuously updated vulnerability database, and validate with cryptographic signing. Secure and accelerate CI/CD workflows: Automatically promote images from test to prod for a secure, efficient software pipeline—all while maintaining policy-based controls. -
12
Sonatype Nexus Repository is a powerful binary repository manager designed to streamline the management of open-source and third-party components in your software development lifecycle. The Community Edition, available for free, supports essential features such as integration with popular CI/CD tools, enhanced security for managing components, and support for up to 200,000 requests per day. As your needs scale, Nexus Repository Pro offers additional features like unlimited components, high availability, disaster recovery, and advanced security controls, making it a comprehensive solution for businesses of all sizes.Starting Price: Free
-
13
Harness
Harness
Harness is an AI-native software delivery platform that helps engineering teams achieve excellence by automating and streamlining the entire software delivery lifecycle. It enables continuous integration, continuous delivery, and GitOps for multi-cloud, multi-region deployments with increased speed and reliability. Harness simplifies infrastructure as code, database DevOps, and artifact management to improve collaboration and reduce errors. The platform offers AI-powered testing, incident response, chaos engineering, and feature management to enhance quality and resilience. Harness also provides cloud cost management, security testing orchestration, and developer insights to optimize performance and governance. Trusted by leading enterprises, Harness accelerates innovation while reducing manual effort and risk. -
14
Dist
Dist
Highly available and super fast artifact repositories and container registries that keep your developers, operations teams, and customers happy and productive. Dist is the simplest and most reliable way to securely distribute Docker container images and Maven artifacts across your team, systems, and customers. Our purpose-built edge network ensures optimal performance, wherever your team and customers are. Dist is fully managed in the cloud. We take care of operations, maintenance, and backups so you can focus on your business. Restrict access to repositories by users and groups. Each user can further compartmentalize their own access using access tokens. All artifacts, container images, and their associated metadata are encrypted at rest and in transit.Starting Price: $39 per month -
15
CloudRepo
CloudRepo
CloudRepo provides fully managed, cloud-based, private repositories. With CloudRepo, developers store and access Public and Private, Maven, and Python repositories in the cloud. CloudRepo stores your maven repositories across multiple physical servers reducing the probability of data loss & maven repository downtime due to hardware failure. We help reduce time and resources spent running unsecured & vulnerable maven repositories, which allows everyone to focus on developing more. Your team has completed all this developing to ultimately distribute your repositories. Use the Software Distribution feature to make sure your repositories get in the right hands.Starting Price: $79 per month -
16
ActiveState
ActiveState
ActiveState provides software development teams with the world's most comprehensive library of secure and trusted open source, over 79 million vetted components across all major language ecosystems (e.g., Java, Javascript, Python, R, Go, etc.), including transitive dependencies and OS-level libraries. By building everything from source, we ensure that every component is what it says it is, contains the fewest amount of vulnerabilities, and is continuously remediated. Companies can consume this open source where and when they need it - through their existing artifact repositories, as container images or managed distributions, or via IDPs. When teams transfer their open source responsibility to ActiveState, developers and security teams break free from the endless cycle of vulnerability management. Developers gain confidence knowing their code will make it to production faster and with less friction. Security gains assurance that policy and compliance standards are met by default. -
17
Azure Artifacts
Microsoft
Add fully integrated package management to your continuous integration/continuous delivery (CI/CD) pipelines with a single click. Create and share Maven, npm, NuGet, and Python package feeds from public and private sources with teams of any size. Create and share Maven, npm, NuGet, and Python package feeds from public and private sources. Easily share code across small teams and large enterprises. Get universal artifact management for Maven, npm, NuGet, and Python. Share packages, and use built-in CI/CD, versioning, and testing. Share code effortlessly by storing Maven, npm, NuGet, and Python packages together. And there's no need to store binaries in Git, simply store them using Universal Packages. Keep every public source package you use, including packages from npmjs and nuget.org, safe in your feed where only you can delete it, and where it's backed by the enterprise-grade Azure SLA.Starting Price: $6 per user per month -
18
Azure Container Registry
Microsoft
Build, store, secure, scan, replicate, and manage container images and artifacts with a fully managed, geo-replicated instance of OCI distribution. Connect across environments, including Azure Kubernetes Service and Azure Red Hat OpenShift, and across Azure services like App Service, Machine Learning, and Batch. Geo-replication to efficiently manage a single registry across multiple regions. OCI artifact repository for adding helm charts, singularity support, and new OCI artifact-supported formats. Automated container building and patching including base image updates and task scheduling. Integrated security with Azure Active Directory (Azure AD) authentication, role-based access control, Docker content trust, and virtual network integration. Streamline building, testing, pushing, and deploying images to Azure with Azure Container Registry Tasks.Starting Price: $0.167 per day -
19
OneDev
OneDev
OneDev is an open-source, self-hosted DevOps platform that unifies Git repository management, CI/CD pipelines, issue tracking, kanban boards, and package registries into a single application. It offers an intuitive GUI for creating CI/CD jobs with features like typed parameters, matrix jobs, logic reuse, and cache management. OneDev includes built-in registries for Docker, NPM, Maven, NuGet, PyPi, and more, facilitating comprehensive package management. It supports progressive and iterative issue tracking through iterations, enhancing agile workflows. With out-of-the-box code search and navigation, Renovate integration for dependency updates, and a RESTful API, OneDev streamlines development processes. It is designed for easy installation and maintenance, providing high performance and scalability. OneDev is developed and maintained by an inclusive community, ensuring continuous improvements and support.Starting Price: $6 per month -
20
AWS CodeArtifact
Amazon
Store and share artifacts across accounts, with appropriate levels of access granted to your teams and build systems. Reduce overhead from setup and maintenance of an artifact server or infrastructure with a fully managed service. Only pay for software packages stored, number of requests made, and data transferred out of Region with pay-as-you-go pricing. Configure CodeArtifact to fetch from public repositories such as the npm Registry, Maven Central, Python Package Index (PyPI), and NuGet. Securely share private packages across organizations by publishing them to a central organizational repository. Build automated approval workflows with CodeArtifact APIs and Amazon EventBridge, with visibility into your packages using AWS CloudTrail. Pull dependencies from CodeArtifact in AWS CodeBuild and publish new versions of your private packages secured with AWS Identity and Access Management (IAM).Starting Price: $0.05 per GB per month -
21
Artifact Registry is Google Cloud’s unified, fully managed package and container registry designed for high-performance artifact storage and dependency management. It centralizes hosting of container images (Docker/OCI), Helm charts, language packages (Java/Maven, Node.js/npm, Python), and OS packages, offering fast, scalable, reliable, and secure handling with built-in vulnerability scanning and IAM-based access control. Integrated seamlessly with Google Cloud CI/CD tools like Cloud Build, Cloud Run, GKE, Compute Engine, and App Engine, it supports regional and virtual repositories with granular security via VPC Service Controls and customer-managed encryption keys. Developers benefit from standardized Docker Registry API support, comprehensive REST/RPC interfaces, and migration paths from Container Registry. Daily updated documentation includes quickstarts, repository management, access configuration, observability tools, and deep-dive guides.
-
22
Perforce TeamHub
Perforce
Your code repository software is where you store your source code. This might be a Mercurial, Git, or SVN repository. Perforce TeamHub (formerly Helix TeamHub) can host your source code repository, whether it’s Mercurial, Git, or SVN. You can add multiple repositories in one project — or create a separate project for each repository. Perforce TeamHub can host more than your code repositories. You can manage and maintain all of your software assets in one spot. This includes build artifacts (Maven, Ivy) and Docker container registries. It also includes private file sharing through WebDAV repositories for your other binary files. You can use TeamHub on its own or alongside P4 to maintain a single source of truth across development teams. For example, you can keep large binary files in P4, then combine those files with Git assets from Perforce TeamHub in a hybrid workspace to achieve high build performance.Starting Price: $1.05/month -
23
packagecloud
packagecloud
Fast, reliable, and secure software starts here. A unified, developer-friendly interface for all of your artifacts written in any language, delivered to any infrastructure. Ship securely and quickly knowing your packages are handled by packagecloud. Consistent package repositories, at enterprise scale and startup speed. A single API and CLI for every environment and package type. Works seamlessly and harmoniously with the systems you already use. Manage all of your packages and deploy to any environment, from one beautiful interface, on-premise or in the cloud. Packagecloud supports the most popular package types, from Java to Python to Ruby and Node, and more. Built for teams with collaboration and access control features. Packagecloud just works. Upload any supported package type via a single, consistent API and deploy with ease. We run thousands of tests to ensure correct and consistent behavior even in the face of bugs in the packaging systems themselves.Starting Price: $150 per month -
24
Red Hat Quay
Red Hat
Red Hat® Quay container image registry provides storage and enables you to build, distribute, and deploy containers. Gain more security over your image repositories with automation, authentication, and authorization systems. Quay is available with OpenShift or as a standalone component. Control access of the registry with multiple identity and authentication providers (including support for teams and organization mapping). Use a fine-grained permissions system to map to your organizational structure. Transport layer security encryption helps you transit between Quay.io and your servers automatically. Integrate with vulnerability detectors (like Clair) to automatically scan your container images. Notifications alert you to known vulnerabilities. Streamline your continuous integration/continuous delivery (CI/CD) pipeline with build triggers, git hooks, and robot accounts. Audit your CI pipeline by tracking API and UI actions. -
25
Cloudsmith
Cloudsmith
Cloudsmith is a Software-as-a-Service (SaaS) platform that acts as the single source of truth for software everywhere. We help organisations reliably manage the dependencies, deployment and distribution of their software stack in one centralised place, ensuring their software supply chain remains secure. We are here to empower teams to deliver software faster, without restrictions of managing different asset types, while remaining scalable and cost-efficient. From source to delivery — with complete trust, control, and security.Starting Price: $89 per month -
26
Easily store, share, and deploy your container software anywhere. Push container images to Amazon ECR without installing or scaling infrastructure, and pull images using any management tool. Share and download images securely over Hypertext Transfer Protocol Secure (HTTPS) with automatic encryption and access controls. Access and distribute your images faster, reduce download times, and improve availability using a scalable, durable architecture. Amazon ECR is a fully managed container registry offering high-performance hosting, so you can reliably deploy application images and artifacts anywhere. Meet your organization’s image compliance security requirements using insights from common vulnerabilities and exposures (CVEs) and the Common Vulnerability Scoring System (CVSS). Publish containerized applications with a single command and easily integrate your self-managed environments.
-
27
JFrog Xray
JFrog
DevSecOps Next Generation – Securing Your Binaries. Identify security vulnerabilities and license violations early in the development process and block builds with security issues from deployment. Automated and continuous governance and auditing of software artifacts and dependencies throughout the software development lifecycle from code to production. Additional functionalities include: - Deep recursive scanning of components drilling down to analyze all artifacts and dependencies and creating a graph of relationships between software components. - On-Prem, Cloud, Hybrid, or Multi-Cloud Solution - Impact analysis of how an issue in one component affects all dependent components with a display chain of impacts in a component dependency graph. - JFrog’s vulnerabilities database, continuously updated with new component vulnerability data, includes VulnDB, the industry’s most comprehensive security vulnerability database. -
28
Harbor
Harbor
CNCF Harbor is an open-source project that enhances container registry capabilities with a focus on security and compliance. It builds upon basic registry functionality by offering features such as vulnerability scanning to identify known security weaknesses in images, role-based access control for granular image access management, image signing to ensure authenticity and prevent tampering, and replication for efficient syncing of images across multiple other registries. Harbor strengthens the security of the image management process. It can be particularly beneficial for organizations that prioritize security and compliance in their containerized environments. However, users should be aware that setting up and maintaining Harbor can require additional effort and expertise compared to simpler container registries. -
29
Xygeni
Xygeni Security
Xygeni All-In-One AppSec Platform protects software from code to cloud with a unified solution built for Application Security Posture Management (ASPM). It gives CISOs, CIOs, and DevSecOps teams full visibility and control across the software supply chain, without slowing delivery. Xygeni secures every SDLC stage, code, dependencies, secrets, builds, IaC, containers, and CI/CD systems, detecting vulnerabilities, misconfigurations, and malware in real time. Powered by advanced AI, Xygeni prioritizes exploitable risks, cuts 90% of alert noise, and drives automated remediation through AI SAST, Auto-Fix, and Xygeni Bot. Developers scan and fix issues directly in their IDE, keeping code secure from the start. Early Malware Warning blocks zero-day supply-chain threats at publication, while smart dependency analysis prevents breaking updates. Seamless integration with GitHub, GitLab, Bitbucket, Jenkins, and Azure DevOps ensures a frictionless experience. -
30
Sonatype Lifecycle
Sonatype
Sonatype Lifecycle is a leading software composition analysis (SCA) platform designed to secure applications by automating dependency management and vulnerability monitoring. It provides real-time alerts and in-depth analytics to help developers identify and fix security risks across the software development lifecycle (SDLC). With features like automated patching, customizable policies, and SBOM (Software Bill of Materials) management, Sonatype helps businesses integrate secure open-source components without compromising speed. The platform enhances DevOps workflows by offering insights into dependencies, minimizing risks, and ensuring compliance, all while speeding up development. -
31
With Container Registry your team can manage Docker images, perform vulnerability scans and decide who accesses what resources with precise access control; All in one place. Existing CI / CD integrations allow you to configure fully automated Docker pipelines for information without delay. Get access to private and secure Docker image storage on Google Cloud Platform in minutes. Control who can access, view or download images. Get consistent uptime on a protected infrastructure with Google security. Build and push images to the private registry automatically when you commit code to Cloud Source Repositories, GitHub, or Bitbucket. Easily configure CI / CD pipelines with Cloud Build integration or deploy directly to Google Kubernetes Engine, App Engine, Cloud Functions, or Firebase. Automatically build containers on code or tag changes to a repository. Search across previous builds from the UI or view build details like a trigger, source, steps, and logs.
-
32
Oracle Cloud Infrastructure Container Registry is an open standards-based, Oracle-managed Docker registry service for securely storing and sharing container images. Engineers can easily push and pull Docker images with the familiar Docker Command Line Interface (CLI) and API. To support container lifecycles, Registry works with Container Engine for Kubernetes, Identity and Access Management (IAM), Visual Builder Studio, and third-party developer and DevOps tools. Work with Docker images and container repositories using familiar Docker CLI commands and Docker HTTP API V2. Oracle takes care of operating and patching the service, so that developers can focus on building and deploying containerized applications. Built using object storage, Container Registry provides data durability and high service availability with automatic replication across fault domains. Oracle does not charge separately for the service. Users pay only for the associated storage and network resources they consume.
-
33
Embold
Embold Technologies
Get a deeper understanding of your software with Embold's profound analysis and intuitive visuals. Visually comprehend the size and quality of every component and fully understand the state of your software at a glance. Understand issues on a component level with rich annotations and see where they are located in your code. View and navigate through all ingoing and outgoing dependencies of your software components and learn how they influence each other. Quickly understand how to refactor and split complex components by using our innovative partitioning algorithms. The EMBOLD SCORE, calculated from four dimensions, tells you which components have the biggest impact on the overall quality and need to be solved first. Analyze your code’s structural design with the help of our unique set of anti-patterns on a class, functional, and method level. Embold utilizes several metrics ranging from cyclomatic complexity to coupling between objects to measure the quality of software systems. -
34
Chocolatey
Chocolatey
Chocolatey has the largest online registry of Windows packages. Chocolatey packages encapsulate everything required to manage a particular piece of software into one deployment artifact by wrapping installers, executables, zips, and/or scripts into a compiled package file. Package submissions go through a rigorous moderation review process, including automatic virus scanning. The community repository has a strict policy on malicious and pirated software. Many organizations face the ongoing challenge of deploying and supporting various versions of software. Chocolatey allows organizations to automate and simplify the management of their complex Windows environments. Our customers have experienced a massive reduction in effort, improved speed of deployment, high reliability, and comprehensive reporting. Reduce complexity, save yourself time, and get up to speed on the latest technologies and approaches.Starting Price: $96 per year -
35
Alibaba Cloud Container Registry
Alibaba Cloud
Container Registry allows you to manage images throughout the image lifecycle. It provides secure image management, stable image build creation across global regions, and easy image permission management. This service simplifies the creation and maintenance of the image registry and supports image management in multiple regions. Combined with other cloud services such as container service, container registry provides an optimized solution for using Docker in the cloud. Provides an intranet URL of the image repository for each region. You can visit this URL to download images without using traffic. Builds services automatically, in regions outside China, and in stages. Allows you to easily scan the image security status and provides multi-dimensional vulnerability reports. Provides an easy Docker-based continuous integration and continuous delivery solution. Easy operations allow you to quickly start using the service at low management and maintenance costs.Starting Price: $113 per month -
36
P4
Perforce
P4 (formerly Helix Core) is an enterprise-grade version control system designed to manage the complexities of modern software development. It allows teams to store, track, and manage all digital assets—ranging from source code to 3D models—with unprecedented scalability. P4 is ideal for large, distributed teams working on large-scale projects, offering powerful collaboration tools, seamless integrations, and advanced branching capabilities. With strong support for both centralized and distributed workflows, P4 enhances productivity and efficiency, making it a top choice for software, game, and hardware development teams. -
37
GitHub
GitHub
GitHub is the world’s most secure, most scalable, and most loved developer platform. Join millions of developers and businesses building the software that powers the world. Build with the world’s most innovative communities, backed by our best tools, support, and services. If you manage multiple contributors , there’s a free option: GitHub Team for Open Source. We also run GitHub Sponsors, where we help fund your work. The Pack is back. We’ve partnered up to give students and teachers free access to the best developer tools—for the school year and beyond. Work for a government-recognized nonprofit, association, or 501(c)(3)? Get a discounted Organization account on us.Starting Price: $7 per month -
38
Packagist
Packagist
Packagist is the main composer repository. It aggregates public PHP packages installable with Composer. Put a file named composer.json at the root of your project, containing your project dependencies. Packagist is the default Composer package repository. It lets you find packages and lets Composer know where to get the code from. You can use Composer to manage your project or libraries' dependencies. First of all, you must pick a package name. This is a very important step since it can not change and it should be unique enough to avoid conflicts in the future. The package name consists of a vendor name and a project name joined by a/. The vendor name exists to prevent naming conflicts. The composer.json file should reside at the top of your package's git/svn/ repository and is the way you describe your package to both packagist and composer. New versions of your package are automatically fetched from tags you create in your VCS repository. -
39
A task-based, software configuration management solution that brings together global, distributed development teams on a unified platform. IBM® Rational® Synergy is a task-based, software configuration management (SCM) solution that brings together global, distributed development teams on a unified platform. It provides capabilities that help software and systems development teams work and collaborate faster and easier. IBM Rational Synergy helps software delivery teams manage the complexity of global collaboration and boosts overall productivity. Software changes and tasks are synchronized in real-time, so dispersed teams can collaborate in a cohesive fashion over the global delivery framework. High-performance WAN access allows distributed teams to carry out operations at LAN-like speeds, reducing the overhead of having multiple servers. The single SCM repository manages all artifacts related to software development, including source code, documents, and more.
-
40
JFrog Container Registry
JFrog
The world’s most advanced, powerful, hybrid Docker and Helm registry. Power your world of Docker without limits. The JFrog Container Registry is the most comprehensive and advanced registry in the market today, supporting Docker containers and Helm Chart repositories for your Kubernetes deployments. Use it as your single access point to manage and organize your Docker images, while avoiding Docker Hub throttling or retention issues. JFrog provides reliable, consistent, and efficient access to remote Docker container registries with integration to your build ecosystem. Develop and deploy your way. Supports your current and future business model with on-prem / self-hosted, hybrid, and multi-cloud environments on your choice of AWS, Microsoft Azure, and Google Cloud. Built on JFrog Artifactory’s proven track record of power, stability, and resilience to easily manage and deploy your Docker images and provide your DevOps teams with full control over access and permissions.Starting Price: $98 per month -
41
Sonatype Auditor
Sonatype
Sonatype Auditor is a powerful software tool designed to automate and streamline open-source security and compliance management. It enables organizations to generate a Software Bill of Materials (SBOM) and identify any open-source components in third-party or legacy applications. Auditor scans for security risks, such as vulnerabilities or restricted licenses, and provides real-time alerts for continuous monitoring. With its remediation guidance, users can easily address identified issues and improve their security posture. This tool is ideal for businesses looking to manage open-source components, ensure compliance, and reduce risk across their software environments. -
42
Buildstash
Buildstash
Buildstash is a powerful platform designed to organize, store, and distribute software builds and binaries with ease and security. It automates build archival through integrations with local and CI environments, eliminating the chaos of shared folder dumping. The platform supports multiple platforms including mobile, desktop, games, XR, and embedded systems, providing tailored workflows for diverse development teams. Buildstash links builds directly to repositories and issue trackers like Linear or Jira for full visibility and context. Secure sharing options include password-protected links, private portals, and public download pages. By centralizing build management and release workflows, Buildstash helps teams collaborate more effectively and maintain control over their software delivery.Starting Price: $49/workspace/month -
43
Yarn
Yarn
Yarn is a package manager which doubles down as project manager. Whether you work on one-shot projects or large monorepos, as a hobbyist or an enterprise user, we've got you covered. Split your project into sub-components kept within a single repository. Yarn guarantees that an install that works now will continue to work the same way in the future. Yarn cannot solve all your problems, but it can be the foundation for others to do it. We believe in challenging the status quo. What should the ideal developer experience be like? Yarn is an independent open-source project tied to no company. Your support makes us thrive. Yarn already knows everything there is to know about your dependency tree, it even installs it on the disk for you. So, why is it up to Node to find where your packages are? Instead, it should be the package manager's job to inform the interpreter about the location of the packages on the disk and manage any dependencies between packages and even versions of packages.Starting Price: Free -
44
Store and distribute container images in a fully managed private registry. Push private images to conveniently run them in the IBM Cloud® Kubernetes Service and other runtime environments. Images are checked for security issues so you can make informed decisions about your deployments. Install the IBM Cloud Container Registry CLI to use the command line to manage your name spaces and Docker images in the IBM Cloud® private registry. View information about potential vulnerabilities and the security of images in the IBM Cloud Container Registry public and private repositories with the IBM Cloud console. Check the security status of container images that are provided by IBM, third parties or that are added to your organization's registry namespace. Advanced capabilities for security compliance insight. Access controls and image signing capabilities. Pre-integration with Kubernetes Service.
-
45
The Code Registry
The Code Registry
The Code Registry is an AI-powered code intelligence and analysis platform that gives businesses and non-technical stakeholders full visibility into their software codebase, even if they don’t write code themselves. Upon connecting your code repository (GitHub, GitLab, Bitbucket, Azure DevOps, or uploading a zipped archive), the platform creates a secure “IP Vault” and runs a comprehensive automated analysis across your entire codebase. It produces a range of reports and dashboards, including a code-complexity score (revealing how intricate or maintainable your code is), open-source component analysis (detecting dependencies, license status, outdated or vulnerable libraries), security analysis (identifying potential vulnerabilities, insecure configurations or risky dependencies), and a “cost-to-replicate” valuation, estimating how much effort or resources it would take to rebuild or replace the software from scratch.Starting Price: $2 per month -
46
Oobeya
Oobeya
Oobeya is an engineering intelligence platform that helps software development teams accelerate their value delivery performance. Oobeya works with code repositories, issue tracking, testing, application performance monitoring (APM), and incident management tools to measure engineering metrics, like cycle time, lead time, sprint planning accuracy, pull request metrics, and value stream metrics (VSM), and DevOps DORA metrics. Oobeya's goal is to help software engineering teams to make a shift from an intuition-driven approach to a data-driven approach by plugging into the SDLC toolset. Oobeya connects to Git repositories like GitHub, GitLab, Bitbucket, Azure DevOps, issue tracking systems like Jira and Azure Boards, and CI/CD platforms like Github Actions, GitLab CI, Azure Pipelines, and Jenkins.Starting Price: $12 per dev / month -
47
IBM® Rational® Quality Manager is a collaborative, web-based tool that offers comprehensive test planning, test construction, and test artifact management features throughout the development lifecycle. Rational Quality Manager is for test teams of all sizes and supports various user roles, such as test manager, test architect, test lead, tester, and lab manager. The application also supports roles outside the test organization. Comprehensive test planning, test design with test cases, test script construction and reuse. Test execution, test analysis, reporting, and live views. Team collaboration, lab management, web application security, configuration management. and governance. Establish a review and approval process for the test plan and for individual test cases. Manage project requirements and test cases and establish the interdependencies between the two. Define the schedule for each test iteration and track the dates of other important test activities.
-
48
Portus
Portus
Portus implements the new authorization scheme defined by the latest version of the Docker registry. It allows for fine grained control over all of your images. You decide which users and teams are allowed to push or pull images. Map your company organization inside of Portus, define as many teams as you want and add and remove users from them. Portus provides an intuitive overview of the contents of your private registry. It also features a search capability to find images even faster. User privileges are constantly taken into account, even when browsing the contents of the repository or when performing searches. Keep everything under control. All the relevant events are automatically logged by Portus and are available for analysis by admin users. Non-admin users can also use this feature to keep up with relevant changes. -
49
Sonatype Repository Firewall
Sonatype
Sonatype Repository Firewall is a security solution that provides proactive protection for your software supply chain by intercepting malicious open-source components before they enter your development process. Utilizing AI-powered behavioral analysis, it detects and prevents known and unknown vulnerabilities across dependencies. The platform offers real-time policy enforcement, allowing users to set customizable policies based on risk levels, such as the age or popularity of open-source components. With automated vulnerability prevention, Sonatype Repository Firewall helps businesses maintain compliance, enhance security, and reduce risk, while boosting developer productivity by avoiding unnecessary disruptions. -
50
Rocket Aldon Lifecycle Manager
Rocket Software
Rocket Aldon is now Rocket DevOps, delivering true end-to-end CI/CD for IBM i+ environments. Our tools extend holistic DevSecOps best practices to the IBM i, enabling innovation, smoother compliance audits, and rapid adaptation to evolving processes, technologies, and expectations. As regulations shift and security threats grow, Rocket DevOps—part of Rocket’s Security & Compliance solution—helps de-risk modernization with robust technology, expert services, and strong support. With our experienced DevOps services team, you get a fast, customized implementation and the ability to manage future changes confidently. No matter the IT landscape, businesses must meet customer and market demands, and Rocket DevOps helps teams deliver the applications and environments that drive success.
