Policy evaluation. Policy enforcement. Open Source Governance. DevSecOps.
In case you missed it, we’re pretty committed to helping our users keep their applications safe from open source vulnerabilities and license issues. More importantly, we’re proud to be able to enable them to do so at scale. The “at scale” piece here is possible because of our 1) stellar data on software components and 2) ability to enforce open source policy violations.
We recently started down a path to make it even easier for Nexus Lifecycle users to enforce their open source policies at scale. After a few weeks of beta testing, we’re happy to share that our new policy-oriented reports are officially live! This refreshed version of our Application Composition Report includes policy violations at the center of the report, allowing users to quickly identify and act on remediation opportunities. Focusing on policy remediation helps teams concentrate on reducing risk and ensures users are getting the most out of their Lifecycle implementation.
Take a peak:
If you previously used the Application Composition Report for auditing or keeping a pulse on all security violations, don’t worry! We’ve retained the ability to access and filter on raw component data from the UI. See how below.
To learn more about our new policy-oriented reports, watch this demo:
We’re excited about our reporting and look forward to your feedback. Tell us what you think in the comments below or connect with us at my.sonatype.com!
Written by Sonal Thawani
Sonal is an experienced product manager and product marketing manager. As a Senior Product Marketing Manager at Sonatype, she's focused on spreading her awe for Nexus IQ Server.