Sonatype Reduces Licensing Risks With New Update to NuGet and Visual Studio

Published: September 09, 2013 12:45

Sonatype to Provide License Analysis for NuGet Gallery Components

FULTON, MD. – Sept. 9, 2013 – Sonatype, a software company dedicated to enabling developers to easily build software applications while significantly reducing security, compliance, and licensing risks, today announced an update to both the NuGet gallery and the Visual Studio 2013 add-in that provides the license data associated with each NuGet package, based on the Sonatype Component Lifecycle Management (CLM) platform.

Sonatype’s software allows organizations to develop more secure applications by identifying and replacing components with known security and licensing risk throughout the software development lifecycle. Sonatype software includes license analysis support for NuGet packages and their subcomponents (regardless of language or platform). The license analysis results are now available as a new feature in both the NuGet gallery and Visual Studio, enabling developers to get clearer license information and then select packages that fit their policies and legal requirements.

“As NuGet continues to become a more regular part of the developer workflow, it becomes important for developers to easily identify the NuGet packages that best fit their needs,” said Scott Hunter, Principal Group Program Manager for the Azure Developer Experience Group at Microsoft. “Sonatype, as a part of their CLM product, has done a great job in analyzing packages and determining, among other characteristics, the appropriate set of license names associated with the package.”

The composition of today’s applications is often as high as 90% open source components[1] and 10% custom source code. Given this, virtually all development organizations must understand and follow the licensing conditions for each component and its many subcomponents. This is an often-perplexing task given the hundreds of open source license types, many with unique conditions. Through this product integration, Sonatype will provide up-to-date information directly to developers in their day-to-day toolset, enabling them to select packages that best suit their legal requirements.

[1] Based on an analysis of the Central Repository and 1000+ Repository and Application Healthcheck Risk Assessments.

About Sonatype
Sonatype’s software protects the world’s enterprise software applications from security, compliance, and licensing threats. Every day, millions of developers build software applications from open source building blocks, or components. Customers rely on the Sonatype family of products to accurately identify and analyze component usage and proactively fix flawed components throughout the software development lifecycle so applications are secure and comply with licensing and regulatory requirements. Sonatype is privately held with investments from New Enterprise Associates (NEA), Accel Partners, Bay Partners, Hummer Winblad Venture Partners and Morgenthaler Ventures. Visit: www.sonatype.com

Tony Keller
Sonatype
tkeller@walkerunlimited

####