Case Study: Discovery Health achieves automated open-source component governance and continuous vulnerability monitoring with Sonatype Nexus Lifecycle

A Sonatype Case Study

Preview of the Discovery Health Case Study

Managing and monitoring open source component usage

Discovery Health, South Africa’s leading medical scheme manager with millions of beneficiaries and a large in‑house development organization, relied heavily on open source components and struggled with manual governance. Their approval process for components was time‑consuming and often stalled, leaving little visibility into transitive dependencies or new vulnerabilities across thousands of application server instances and throughout the development lifecycle.

Discovery Health adopted Sonatype Nexus Repository and Nexus Lifecycle to automate continuous component monitoring, notifications, and policy enforcement (including IDE plugins for developers). The solution provided up‑to‑date visibility of security and license risks, drove organic team adoption, and delivered precise reporting and governance at scale. As a result, teams now have consistent, automated control over OSS consumption, reduced risk exposure, and a roadmap to tighten policies and expand scanning to npm and containerized applications.



Discovery Health

Nick Alexander

Systems Architect


Sonatype
