Sonatype Adds Automated Container Analysis to Nexus Lifecycle
Enables software teams to assess the quality of open source components used inside containers

Fulton, MD. – December 7, 2016 – Sonatype, the leader in software supply chain automation, today announced that it has incorporated Lifecycle Container Analysis (LCA) into its popular Nexus Lifecycle solution for automating the flow of components through modern software supply chains. Modern development teams can now automatically examine the quality and security of application components within containers moving through their DevOps pipeline.

While containers bring greater efficiency to application development, they are not without their weaknesses. According to the July 2016 Gartner report, How to Secure Docker Containers in Operation, properly configured containers cannot provide 100% isolation for applications and therefore can still be compromised. In fact, Gartner lists malicious software components as one of two main threat vectors that can compromise container security.

With the introduction of LCA, Nexus Lifecycle can now examine applications housed inside of containers in the same way that it evaluates the quality of components in traditional applications. This allows Nexus Lifecycle to surface intelligence about the quality of the components inside the container and to automatically apply and manage governance policies based on the results. LCA effectively allows Nexus Lifecycle to look inside containers and determine whether any of the Java, NuGet, npm, or JavaScript components have known security vulnerabilities, license risks, or quality problems.

“Security concerns are one of the chief reasons why organizations have not swiftly moved containers into production,” said Wayne Jackson, CEO of Sonatype. “Containers are just a new type of part flowing through modern software supply chains and with LCA, Nexus Lifecycle customers can be confident that the components inside their containers are the highest quality and free from known vulnerabilities.”

About Sonatype

With more than 100,000 installations, companies around the globe use Sonatype’s Nexus solutions to manage reusable components and improve the quality, speed and security of their software supply chains. Sonatype is privately held with investments from New Enterprise Associates (NEA), Accel, Hummer Winblad Venture Partners, Morgenthaler Ventures, Bay Partners and Goldman Sachs. For more information, visit:

Media Contact

Jennifer Edgerly
SpeakerBox Communications for Sonatype