Sonatype Further Expands Coverage of Nexus Platform

Nexus Lifecycle and Nexus Firewall add native support for eleven additional ecosystems.

Fulton, MD, May 13, 2020 -- Sonatype, the company that scales DevOps through open source governance and software supply chain automation, today announced native support for eleven new ecosystems, including C/C++, R, Swift and Objective-C. By continuing to expand support for the most popular component formats, Nexus Lifecycle and Nexus Firewall help millions of developers automatically keep flawed open source components from entering, or being used across, their DevOps pipeline.

The newly supported package manager ecosystems are: Alpine, Bower*, Cargo (Rust), CocoaPods (Swift and Objective-C), Composer (PHP), Conan (C/C++), Conda, CRAN (R), Debian, Drupal, and rpm**. With these additions, Sonatype now supports 38 different languages and package formats.

Sonatype’s 2020 DevSecOps Community Survey revealed that one in five organizations experienced an open source-related breach in the past twelve months. While the use of open source components accelerates innovation, companies must avoid unwittingly introducing known vulnerable components that can quickly lead to application breaches.

“In the past two weeks, hackers have successfully exploited known vulnerable open source components with a number of high-profile breaches. The elapsed time between vulnerability disclosure and exploit was about three days,” said Brian Fox, CTO of Sonatype. “Our automated open source governance solutions allow engineering and security teams to manage third-party risk by automatically controlling how open source components are being utilized across every phase of their SDLC.”

Nexus Lifecycle and Nexus Firewall, two products within the Nexus Platform, are designed to complement Nexus Repository OSS and Pro. Benefits, harnessed by customers such as Equifax, ABN-AMRO and Bloomberg Industry Group, include:

  • Automatically enforce open source security policies at the earliest point in the software development lifecycle.
  • Automatically identify and remediate vulnerable open source components during the active development and test phases of the development lifecycle.
  • Automatically find and fix vulnerable open source components in production applications at the end of the development lifecycle.

* New in Nexus Firewall only
** New in Nexus Lifecycle only

About Sonatype

Sonatype is the leader in software supply chain automation technology with more than 350 employees, over 1,000 enterprise customers, and is trusted by more than 10 million software developers. Sonatype’s Nexus platform enables DevOps teams and developers to automatically integrate security at every stage of the modern development pipeline by combining in-depth component intelligence with real-time remediation guidance. For more information, please visit Sonatype.com, or connect with us on Facebook, Twitter, or LinkedIn.