Sonatype Delivers Premium Open Source Controls to GitHub | Press Release

Why Trilliant Chose Nexus Lifecycle

Innovative Utility Software Platform Powered by “Best and Brightest” Open Source Libraries
Trilliant - Logo

Trilliant

Challenge

Challenge

  • Trilliant Engineering leadership needed an Open Source (OSS) governance tool that could automatically find and fix open source risk without slowing down developers.
  • Previous OSS management solution did not integrate with SDLC and did not enable front-line software developers to understand OSS risks and determine proactive mitigation.
  • Previous OSS governance solution was prone to excessive false positives which created an environment of alert fatigue, and caused developers to ignore security and other risk warnings.
Sonatype Solution

Solution

  • Sonatype’s Nexus platform aligns well with Trilliant’s secure development objectives and supports the vision that security is a shared objective across cross-functional, agile teams. 
  • Nexus Lifecycle policy controls integrated across multiple phases of Trilliant’s software development lifecycle including IntelliJ IDE, Eclipse, GitHub, and SonarQube.
  • Nexus intelligence provides precise, accurate, and real time security, license and architecture alerts that Trilliant developers can trust. Additional drill-down is feasible to assess, prioritize, and address any systemic risks.
Outcome

Outcome

  • Trilliant engineering teams trust the Nexus platform to automatically identify and remediate open source risk, without slowing down innovation.
  • Automated open source policy controls exist across software development, application security, and IT operations teams.
  • Precise intelligence about open source risk is integrated across the Trilliant SDLC and with the company’s FOSS policy so that the process of fixing issues, verifying hygiene, and implementing preventive actions can be orchestrated without any impact to the teams’ innovation velocity.

"Using Nexus Lifecycle, we’re able to identify risks earlier than ever before in the development process -- especially compared to six months ago. Nexus Lifecycle works very well within our DevOps practice."

Prem Ranganath, VP of Quality and Risk Management

Read the full story