Sonatype Adds Infrastructure as Code Security and Compliance


New Infrastructure as Code Pack for Nexus Lifecycle brings developer-friendly cloud and open source security together in one place.

Fulton, MD — March 16, 2021 — Sonatype, the leader in developer-friendly tools for software supply chain management and security, today unveiled its Infrastructure as Code (IaC) Pack for Nexus Lifecycle, making it easy for developers to configure infrastructure as code without worrying about common security mistakes.

The IaC Pack lets developers find and fix cloud misconfigurations while they are still writing the code, rather than having the same issues surface in production as security vulnerabilities or compliance failures. It delivers out-of-the-box guidance for configuring cloud infrastructure and helps teams meet privacy and security standards (e.g., CIS Foundations Benchmarks, GDPR, HIPAA, ISO 27001, NIST 800-53, PCI, SOC 2). Integrated with Nexus Lifecycle, the pack flags misconfigurations in Terraform plans so they can be fixed before the plan is applied to production infrastructure.
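To make the "check the plan before it is applied" idea concrete, here is an added example of a minimal pre-apply gate. It is not Sonatype's code and does not reflect the IaC Pack's actual rule set; it only shows the shape of such a check. It reads the JSON that `terraform show -json` produces for a saved plan (the `resource_changes[].change.after` structure is Terraform's real plan format) and applies two illustrative rules of the kind CIS-style benchmarks contain: a security group that admits SSH from the whole internet, and an S3 bucket created with a public ACL. The sample plan embedded at the bottom is constructed for the example.

```python
"""Pre-apply Terraform plan check (added example, not Sonatype's product code).

Usage in a pipeline:
    terraform plan -out=tfplan && terraform show -json tfplan > plan.json
    python plan_check.py plan.json      # non-zero exit blocks the apply step
"""
import ipaddress
import json
import sys
from typing import Callable, Dict, List, NamedTuple


class Finding(NamedTuple):
    address: str   # Terraform resource address, e.g. aws_security_group.bastion
    rule: str      # short rule id (illustrative ids, not a real benchmark numbering)
    detail: str


def _cidr_is_world(cidr: str) -> bool:
    """True for 0.0.0.0/0 or ::/0, i.e. a prefix length of zero."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def _sg_findings(address: str, after: dict) -> List[Finding]:
    """Flag ingress rules that expose TCP/22 (or all ports, protocol -1) to the world."""
    out = []
    for rule in after.get("ingress") or []:
        cidrs = list(rule.get("cidr_blocks") or []) + list(rule.get("ipv6_cidr_blocks") or [])
        if not any(_cidr_is_world(c) for c in cidrs):
            continue
        proto = str(rule.get("protocol", ""))
        lo, hi = int(rule.get("from_port") or 0), int(rule.get("to_port") or 0)
        # protocol "-1" means every protocol and port, regardless of from/to_port
        if proto == "-1" or lo <= 22 <= hi:
            out.append(Finding(address, "SG-SSH-WORLD",
                               f"ingress {proto} {lo}-{hi} open to {', '.join(cidrs)}"))
    return out


def _s3_findings(address: str, after: dict) -> List[Finding]:
    """Flag buckets whose canned ACL grants read or write to everyone."""
    acl = after.get("acl")
    if acl in ("public-read", "public-read-write"):
        return [Finding(address, "S3-PUBLIC-ACL", f"bucket ACL is {acl}")]
    return []


# Resource type -> check. Extending the gate means adding an entry here.
CHECKS: Dict[str, Callable[[str, dict], List[Finding]]] = {
    "aws_security_group": _sg_findings,
    "aws_s3_bucket": _s3_findings,
}


def scan_plan(plan_json: str) -> List[Finding]:
    """Run every applicable check over the planned 'after' state of each resource."""
    plan = json.loads(plan_json)
    findings: List[Finding] = []
    for rc in plan.get("resource_changes", []):
        check = CHECKS.get(rc.get("type"))
        if check is None:
            continue
        # Deleted resources have "after": null, so they produce no findings.
        after = (rc.get("change") or {}).get("after") or {}
        findings.extend(check(rc["address"], after))
    return findings


# Constructed sample plan: two resources that should fail, two that should pass.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.0",
    "resource_changes": [
        {"address": "aws_security_group.bastion", "type": "aws_security_group",
         "change": {"actions": ["create"], "after": {"ingress": [
             {"protocol": "tcp", "from_port": 22, "to_port": 22,
              "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []}]}}},
        {"address": "aws_security_group.internal", "type": "aws_security_group",
         "change": {"actions": ["create"], "after": {"ingress": [
             {"protocol": "tcp", "from_port": 22, "to_port": 22,
              "cidr_blocks": ["10.0.0.0/8"], "ipv6_cidr_blocks": []}]}}},
        {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
         "change": {"actions": ["create"], "after": {"bucket": "example-logs", "acl": "public-read"}}},
        {"address": "aws_s3_bucket.private", "type": "aws_s3_bucket",
         "change": {"actions": ["create"], "after": {"bucket": "example-private", "acl": "private"}}},
    ],
})


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PLAN
    results = scan_plan(text)
    for f in results:
        print(f"{f.rule}\t{f.address}\t{f.detail}")
    sys.exit(1 if results else 0)
```

One caveat a practitioner should keep in mind: attribute values that Terraform cannot compute until apply time appear under `after_unknown` rather than `after`, so a plan-time check like this one cannot judge them. Rules that depend on such values need a second look at the applied state, which is why a plan gate complements rather than replaces runtime cloud configuration scanning.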

“Sonatype has a long and successful history of providing developers feedback on the health and hygiene of open source libraries, making it easy for them to identify and remediate security risk, without slowing down innovation,” said Wayne Jackson, CEO of Sonatype. “Developers are taking on exponentially more responsibility for building secure applications, including the configuration and deployment of secure cloud infrastructure using tools like Terraform. We’re equipping developers with the right information at the right time so they can always make healthy decisions when configuring IaC.”

Currently, most developers don’t truly “own” the security of their applications or production infrastructure. Instead, they find themselves constantly reacting to feedback from security and operations teams when mistakes are inevitably discovered. The IaC pack gives developers the information they need to easily configure secure and compliant infrastructure as code.

Sonatype unveiled its IaC Pack for Nexus Lifecycle as part of its next-generation Nexus platform, which offers customers full-spectrum control of the cloud-native software development lifecycle, including third-party open source code, first-party source code, infrastructure as code (IaC), and containerized code.

About Sonatype:

Sonatype is the leader in developer-friendly, full-spectrum software supply chain management providing organizations total control of their cloud-native development lifecycles, including third-party open source code, first-party source code, infrastructure as code, and containerized code. The company supports 70% of the Fortune 100 and its commercial and open source tools are trusted by 15 million developers around the world. With a vision to transform the way the world innovates, Sonatype helps organizations of all sizes build higher quality software that's more aligned with business needs, more maintainable, and more secure. 

Sonatype has been recognized by Fast Company as one of the Best Workplaces for Innovators in the world, two years in a row, and has been named to the Deloitte Technology Fast 500 and Inc. 5000 lists for the past five years. For more information, please visit Sonatype's website or connect with us on Facebook, Twitter, or LinkedIn.