New Capabilities Will Accelerate Secure Coding Practices Across the SDLC
Fulton, MD – June 2, 2020 -- Sonatype, makers of open source governance and software supply chain management solutions, today released three integrations to automate DevSecOps practices for Atlassian customers. The Nexus platform integrations will help Atlassian customers improve secure coding practices and enhance application security as organizations seek to innovate faster and build higher quality applications at scale.
To accelerate the delivery of new features and applications, developers are increasingly reliant on open source components. While eighty to ninety percent of a modern application is built from these open source software building blocks, 28% of developers acknowledge security breaches associated with the components they use. To help developers build safer applications faster, Sonatype is delivering three new Nexus platform integrations for Atlassian customers.
Jira Software ticketing for Software Component Analysis (SCA)
The Nexus platform automatically creates Jira tickets that alert development teams when known security vulnerabilities, license risks, or architectural issues are found in open source software components being used in an application. Jira tickets are immediately put into daily development workflows for teams to triage with insight and remediation guidance.
Bitbucket Automated Pull Requests
The Nexus platform automatically informs developers of security or license risks within their open source dependencies and opens pull requests populated with recommended update and remediation paths. Bitbucket users can now remediate issues in seconds, armed with the world’s most robust intelligence around open source software components.
Bitbucket Code Insights
The Nexus platform surfaces open source component security and license information relevant to a pull request. Developers using the Nexus platform integrated with Code Insights are notified when a change they make introduces risk, with contextual feedback for the individual branch they are working on, and the exact open source components that introduced the risk. This kind of information accelerates feedback loops for Bitbucket users that are critical to successful DevSecOps practices.
Sonatype’s new integrations work inside Bitbucket Cloud and Server.
“We’ve analyzed over 70 million open source software components to ensure developers have rapid, precise access to information about their quality and security,” says Brian Fox, co-founder and CTO of Sonatype. “The Atlassian integrations benefit from Sonatype’s deep, precise data. Not only is our database of vulnerable components 70% larger than other market alternatives, our data is curated to provide the most value and insight for the developers who need it.”
Sonatype is a member of the Atlassian Platform Partner Program, a collaboration that supports developer tooling -- other members include Jenkins, McAfee and Micro Focus.
- Automated Pull Requests in Atlassian Bitbucket (blog post) Keep Applications Secure in Atlassian Bitbucket with Automated Pull Requests
- Jira Software Integrations (blog post) Better, Faster, Stronger: Nexus Lifecycle's Improved JIRA Add-on Gives Developers and AppSec Something to High-Five About
- Atlassian’s Bamboo integration with the Nexus platform
Sonatype is the leader in software supply chain automation technology with more than 350 employees, over 1,000 enterprise customers, and is trusted by more than 10 million software developers. Sonatype’s Nexus platform enables DevOps teams and developers to automatically integrate security at every stage of the modern development pipeline by combining in-depth component intelligence with real-time remediation guidance. For more information, please visit Sonatype.com, or connect with us on Facebook, Twitter, or LinkedIn.