Sonatype Announces New Hassle-Free Path Toward Secure Software Development

Published: July 08, 2013 08:55


Nexus Pro CLM Edition Defines and Enforces Component Policies in the Software Build and Release Process

SILVER SPRING, Md. – July 8, 2013 – Sonatype, the leader in Component Lifecycle Management (CLM), today announced the launch of Nexus Pro CLM Edition, an enhanced version of its market-leading Nexus Pro repository manager that lets users define and enforce policies during software development. Improved policy management helps organizations reduce security and license risk. Nexus Pro CLM Edition gives organizations greater control over component usage and is an important first step toward complete component lifecycle management.

With Nexus Pro CLM Edition, security, licensing and architecture policies are easily defined and automatically enforced in the release and staging process. Modern software applications are built primarily from a common set of building blocks, most of them open source components. Although these components can be downloaded from anywhere, the majority are downloaded from the Central Repository. The Central Repository contains more than 400,000 individual components that make their way into an even greater number of custom and open source applications and frameworks, many of which are the foundational elements of today's enterprise applications. According to industry studies [1], 80 percent of all applications are composed of components and 90 percent of component repositories contain severe vulnerabilities.

"Many organizations either don't have policies or have difficulty enforcing them. Nexus Pro CLM Edition addresses both of these challenges head-on," says Wayne Jackson, Sonatype CEO. "Agile, component-based development requires the proper balance of automation and human effort. Humans should only have to define policies and manage exceptions; machines should automate the enforcement. Having policy management built right into the tools developers use every day makes security a habit, not a hassle."

Nexus Pro CLM Edition gives Nexus Pro users an easy way to explore some of the more robust governance and security features in Sonatype's complete Component Lifecycle Management (CLM) solution. Nexus Pro provides the foundation for storing, managing and sharing components. Nexus Pro CLM Edition adds the capability to prevent flawed components from making their way into production. Sonatype's full CLM solution extends component governance beyond the Nexus Pro repository to the entire lifecycle, including the IDE and CI server. "Nexus Pro CLM Edition is a stepping stone toward complete component lifecycle management," says Jackson. "Our goal is to help organizations enhance software security at whatever pace is right for them. Nexus Pro CLM Edition may be the best start for some, while complete CLM is best for others such as Bosch Software Innovations."

"At Bosch Software Innovations, we are dedicated to delivering high quality software products only. Open source software has become an important addition to our in-house software development. Sonatype CLM makes it easy for us to use the right components, to avoid security and licensing risks, to comply with our policies, and do it all in a way that is respectful of the open source community," said Steffen Evers, Open Source Officer at Bosch Software Innovations GmbH.

Sonatype's Nexus repository managers are used by 20,000 organizations, representing 70 percent of the repository manager market. Nexus Pro CLM Edition represents a foundational step on the path toward full component lifecycle management. The Sonatype CLM family of products enables organizations to accurately identify and analyze component usage, effectively govern the entire software lifecycle, and proactively fix flawed components.

For more information about Sonatype’s Nexus Pro CLM Edition, please visit http://www.sonatype.com/nexus/whats-in-your-repo/nexus-pro-clm-edition. To learn more about Sonatype CLM please visit www.seehow.org.

About Sonatype
Sonatype is leading the component revolution. The company's innovative Component Lifecycle Management (CLM) products enable organizations to realize the promise of agile, component-based software development while avoiding security, quality and licensing risks. Sonatype operates the Central Repository, the industry's primary source for open source components, serving more than eight billion requests per year from more than 70,000 organizations. The company has been a pioneer in component-based software development since its founding by Jason van Zyl, the creator of the Apache Maven build management system and the Sonatype Central Repository. Since then, Sonatype has been a leader in core open source software development ecosystem projects used by more than nine million developers, including Nexus, m2eclipse and Hudson. Sonatype is privately held with investments from New Enterprise Associates (NEA), Accel Partners, Bay Partners, Hummer Winblad Venture Partners and Morgenthaler Ventures. Visit www.sonatype.com or follow Sonatype on Twitter @SonatypeCLM.

Media Contacts:
Julie McHenry
Julie@comminsight.com
650-560-8030 office
650-504-6655 cell

Karen Gardner
KGardner@sonatype.com
301-684-8080 x143 office
703-851-7872 cell

[1] Based on an analysis of the Central Repository and 1000+ Repository and Application Healthcheck Risk Assessments.