Resources Blog Enhancing software supply chain security: New Sonatype ...

Enhancing software supply chain security: New Sonatype product capabilities

We are thrilled to announce the latest enhancements for Sonatype Repository Firewall, Sonatype Nexus Repository, and Sonatype Lifecycle. The enhanced capabilities empower organizations to exert more control over their software development life cycle (SDLC), ensuring they can meet the evolving needs of DevSecOps while maintaining operational excellence.

Let's dive into the latest updates!

Product enhancement highlights:

  • Expanded cloud delivery options: Simplify the procurement process by leveraging Sonatype Lifecycle and Sonatype Repository Firewall through AWS Marketplace. Additionally, Sonatype Repository Firewall now offers a convenient SaaS solution, making onboarding easier than ever. [Listing]
  • Seamless user experience: Manage open source risk with enhanced navigation, improved compatibility, and expanded support for wildcard characters in Sonatype Lifecycle. Enjoy cleaner views and effortless discovery of specific repositories and violations while streamlining automated policy enforcement with Sonatype Repository Firewall. [Documentation, Documentation]

  • Empowering developers with vulnerability remediation recommendations: Leverage Sonatype Lifecycle to clearly communicate vulnerability details and implement policy enforcement across different environments, deployments, and organizations. Customize CVSS Vector Strings, Severity, and CWE-IDs to align with your unique requirements. [Documentation]
  • Amplified observed license coverage: Harness the power of cutting-edge machine learning (ML) models with Sonatype Lifecycle, which delivers advanced license detection through its Advanced Legal Pack. Seamlessly meet open source software (OSS) license compliance obligations without compromising development velocity. [Documentation]
  • AI/ML-driven malware detection: Safeguard your system from malicious open source components by applying state-of-the-art AI and ML-driven behavioral analytics with Sonatype Repository Firewall. Level up your developer productivity and ensure security with a solution that speeds up detection, predicts new types of attacks, and blocks malicious code, at your direction, from entering your environment. [Documentation]
  • Streamlined onboarding and administration: Effectively managing your onboarding process and promptly administering your users are vital for maximizing protection. With Sonatype Nexus Repository, you will have a clear understanding of your default role at all times while also benefiting from enhanced privilege administration and Quick Action to expedite common tasks, such as blob storage mapping and connecting new proxy repositories. With the new Sonatype Repository Firewall onboarding experience, you can turn on AI-enhanced malware protection and vulnerability scanning for your Nexus Repository in minutes.
  • Enhanced search capabilities: Sonatype Nexus Repository enables streamlined connectivity simplifying the process of connecting new proxy repositories effortlessly. Additionally, it offers improved search capabilities for dates and times, along with faster component repository selection, contributing to a more intuitive and user-friendly experience. [Documentation]

Empowering developers and engineering teams

In the face of ever-evolving and increasingly malicious attacks, the significance of robust software supply chain security cannot be overstated. Forward-thinking enterprises and organizations now acknowledge that safeguarding their SDLC is of utmost importance. With this advanced product functionality, we empower developers and engineering teams to proactively identify and mitigate risks, accelerate innovation, and develop software fearlessly.

Ready to take your next crucial step toward a more secure software supply chain? Let’s make that happen.

Picture of Tara Flynn Condon

Written by Tara Flynn Condon

Tara Flynn Condon is Vice President of Product Marketing and Analyst Relations for Sonatype, maker of the world's leading software supply chain management platform. In her 20+ years in the technology industry, she has served leadership roles for public and private companies spanning product marketing, analyst relations, investor relations, corporate communications and M&A. When not doing that, she writes books, reads voraciously and volunteers (a lot). She is also a huge fan of anything involving fried cheese.