From DevSecOps to application protection
INAIL manages over 20,000,000 insured people and over 600,000 accidents per year.

The Need:
INAIL needed to catalog the Open Source artifacts it uses and identify the vulnerabilities present in them before they reach production.
The core need was to implement a staging logic and to serve OpenShift from an external Docker registry.
A fundamental requirement was respect for the privacy of personal data and the security of policyholders' data.
The Solution:
Definition of a check, within the verification and validation process of each release, able to intercept the possible presence of vulnerabilities in the open source artifacts used in software applications released by INAIL. The control is implemented through Sonatype Platform functionality; it is repeated during the different phases of the release cycle and again after the release goes into production, following a defined staging logic.
Departments involved
- Central Directorate for the Digital Organization of INAIL - Support Office for the production process and software certification,
- Office of Software Development and IT Architecture
- Infrastructure Office
“Thanks to Sonatype we have improved the security of software products, in particular the security of Open libraries within a staging logic”
– ADELE GAMBACORTA
HEAD OF SOFTWARE PRODUCTION PROCESS
Activities performed:
- Installation of Nexus OSS
- Configuration and pipelining of the Maven Repository
- Introduction of staging logic in the REPO
- Configuration and execution of vulnerability reports (with IQ Server)
- Configuration and pipelining of the Docker registry REPO
The Result:
Establishment of a support team for the Development office to extract the Bills of Materials, i.e. the list of third-party components and their vulnerabilities.
Each vulnerability is analyzed and managed in accordance with the organization’s policy. The activities of the support team are preparatory to the execution of penetration tests, carried out by the application security team.
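As an added example (not INAIL's or Sonatype's code), a promotion gate for the staging logic described above: it reads a Bill of Materials in CycloneDX JSON form (assumed here as the export format; the components, vulnerabilities and severity ratings are CycloneDX 1.4 fields) and blocks promotion from the staging repository to the release repository unless every finding at or above the policy threshold has a waiver recorded under the organisation's policy. The sample BOM, component names and vulnerability identifiers are constructed.

```python
# Added example, not code from INAIL or Sonatype: a staging-to-release
# promotion gate driven by a CycloneDX 1.4 JSON BOM (assumed export format).
import json

# Constructed sample BOM; the components and vulnerability ids are not real.
SAMPLE_BOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4",
    "components": [
        {"bom-ref": "pkg:maven/org.example/lib-a@1.2.0", "name": "lib-a", "version": "1.2.0"},
        {"bom-ref": "pkg:maven/org.example/lib-b@3.0.1", "name": "lib-b", "version": "3.0.1"},
    ],
    "vulnerabilities": [
        {"id": "VULN-0001", "ratings": [{"severity": "high"}],
         "affects": [{"ref": "pkg:maven/org.example/lib-a@1.2.0"}]},
        {"id": "VULN-0002", "ratings": [{"severity": "low"}],
         "affects": [{"ref": "pkg:maven/org.example/lib-b@3.0.1"}]},
    ],
})

# CycloneDX severity values, ordered so that a policy threshold can be compared.
SEVERITY_RANK = {"none": 0, "info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

def worst_severity(vuln):
    """Highest severity among a vulnerability's ratings (CycloneDX allows several)."""
    return max((SEVERITY_RANK.get(r.get("severity", "none").lower(), 0)
                for r in vuln.get("ratings", [])), default=0)

def promotion_decision(bom_json, block_at="high", waivers=()):
    """Return (promote, findings). A finding blocks promotion when its severity
    reaches block_at and no waiver has been recorded for its id."""
    bom = json.loads(bom_json)
    threshold = SEVERITY_RANK[block_at]
    findings = []
    for v in bom.get("vulnerabilities", []):
        refs = [a["ref"] for a in v.get("affects", [])]
        blocking = worst_severity(v) >= threshold and v["id"] not in waivers
        findings.append({"id": v["id"], "affects": refs, "blocking": blocking})
    return (not any(f["blocking"] for f in findings)), findings

if __name__ == "__main__":
    ok, findings = promotion_decision(SAMPLE_BOM)
    print("promote to release" if ok else "keep in staging", findings)
```

Run without waivers the sample BOM stays in staging because of the high-severity finding; once that finding has been analysed and waived under policy, the artifact is cleared for promotion.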
The Benefits:
Adoption of practices aimed at minimizing the risks associated with the use of vulnerable components and the use of Open Source libraries in general.
Active involvement of the development team in the use of secure components during software development and release.
Checking and validation of libraries before production release.