Aerospace and Defense Organization - A double win for release velocity & security

Staying Protected and Increasing Release Velocity

Sonatype's cloud offerings are available on, and hosted on, Amazon Web Services (AWS).

Open Source Security transformations in Aerospace and Defense

This major U.S. aerospace and defense corporation came to Sonatype with a critical need to improve release velocity and reduce the number of security violations in their DevOps pipeline. Manual approval processes slowed down their software development lifecycle, meaning it would often take months to deploy even small pieces of software. Their slow path to production meant delays to their roadmap and time to market.

Additionally, this company needed to uphold government security standards, which played a significant role in the lengthy manual reviews. Code quality checks and the approval of new components went through a lengthy approval process, and because these security processes took up so many resources, they would often be performed once, never to be reviewed again. This weakened the company's security posture.

Needless to say, they needed a solution that would support their security policies, enable them to continue their meaningful work with the government, and ideally speed up their release cycles.

Using the Sonatype Platform to Increase Release Velocity

The aerospace and defense corporation initiated a CI/CD initiative across their engineering organization. Culturally, there was an increased focus on delivering quality software fast, and Sonatype's platform enabled them to do so without compromising on security. The anonymous company deployed Sonatype Nexus Repository as a single source for storing components and coupled this with Sonatype Lifecycle and Sonatype Repository Firewall to cover every inch of their SDLC's open source usage. Sonatype Lifecycle automated security processes and managed the consumption and usage of open source components.

"As a defense organization, they realized immense value from Repository Firewall, which became their SDLC's first line of defense to block malicious components."

With Sonatype, this company was able to accelerate their organization's release speed without compromising on code quality and security. The solution's architecture combines Sonatype and AWS services. The customer deployed the Sonatype IQ Server, the engine that drives the Sonatype solution, in a private subnet within a VPC as a container managed by Amazon Elastic Kubernetes Service (Amazon EKS). They are using Postgres, running on AWS instances, to provide data persistence and safer disaster recovery, and Amazon Elastic File System (Amazon EFS) for shared file storage. Using an Application Load Balancer (ALB) to manage the load across the Amazon EKS pods, the customer's CI/CD tooling can then integrate reliably with the Sonatype solution.
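As an added sketch of the topology described above, and not the customer's or Sonatype's own manifests: a Kubernetes deployment of the IQ Server on EKS with an EFS-backed shared volume, a Postgres connection supplied from a Secret, and an internal-scheme ALB in front of the pods. The image tag, application port, Secret name, mount path and storage class name are assumptions.

```yaml
# Added sketch of the case study's topology, not the customer's or Sonatype's own manifests.
# Assumed: image tag, port 8070, Secret name, mount path, an EFS CSI StorageClass "efs-sc".
apiVersion: v1
kind: PersistentVolumeClaim
metadata: {name: iq-data}
spec:
  accessModes: [ReadWriteMany]       # EFS lets every replica share the same files
  storageClassName: efs-sc           # assumes an EFS CSI StorageClass of this name
  resources: {requests: {storage: 20Gi}}
---
apiVersion: apps/v1
kind: Deployment
metadata: {name: iq-server}
spec:
  replicas: 2
  selector: {matchLabels: {app: iq-server}}
  template:
    metadata: {labels: {app: iq-server}}
    spec:
      containers:
        - name: iq-server
          image: sonatype/nexus-iq-server:PLACEHOLDER_TAG   # pin a real, reviewed tag
          ports: [{containerPort: 8070}]                    # assumed application port
          envFrom:
            - secretRef: {name: iq-db-credentials}          # Postgres DSN from a Secret, never inline
          volumeMounts:
            - {name: data, mountPath: /sonatype-work}       # assumed work directory
      volumes:
        - name: data
          persistentVolumeClaim: {claimName: iq-data}
---
apiVersion: v1
kind: Service
metadata: {name: iq-server}
spec:
  selector: {app: iq-server}
  ports: [{port: 8070, targetPort: 8070}]
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: iq-server
  annotations:
    alb.ingress.kubernetes.io/scheme: internal   # private ALB, reachable only inside the VPC
    alb.ingress.kubernetes.io/target-type: ip    # routes straight to pod IPs in the private subnets
spec:
  ingressClassName: alb                          # AWS Load Balancer Controller (assumed installed)
  rules:
    - http: {paths: [{path: /, pathType: Prefix, backend: {service: {name: iq-server, port: {number: 8070}}}}]}
```

The `internal` scheme keeps the ALB off the public internet, so CI/CD runners reach the IQ Server only from inside the VPC, matching the private-subnet placement the case study describes.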

Sonatype helped this organization reduce risk by providing insights into the open-source and third-party components used in a software application. Sonatype enabled their development team to take months off of their software development life cycle. By proactively addressing potential security threats and ensuring their software remains robust and up-to-date, this organization achieved the trifecta of speed, quality, and security.
