World’s only OSS Firewall delivers automated open source governance for six component formats
Fulton, MD – March 23, 2018 – Sonatype, the leader in open source governance and DevSecOps automation, today announced that Nexus Firewall now supports RubyGems and RPM components. By continuing to expand support for the most popular component formats, Nexus Firewall can help millions of developers automatically block vulnerable open source components from entering their DevOps pipeline.
According to Sonatype’s 2017 State of the Software Supply Chain Report, 1 in 18 open source components downloaded by development teams had known security vulnerabilities. Nexus Firewall integrates automated security into the earliest stage of a DevSecOps pipeline to ensure that organizations build applications that are secure by design.
“Organizations keep software applications safe, not by chance, but by preparation,” said Brian Fox, CTO of Sonatype. “Sonatype researchers have identified more than 34,000 vulnerable RubyGem and RPM components. The sheer volume of vulnerabilities makes manual governance impossible. Nexus Firewall is the only solution in the world that automatically stops vulnerable open source components at the front door.”
“Rather than wait until an application is assembled to scan and identify these known vulnerabilities, why not address this issue at its source by warning developers not to download and use these known vulnerable components (and in cases of serious vulnerabilities, block the download)?”, wrote Gartner analysts Neil MacDonald and Ian Head in their 3 October 2017 report, 10 Things to Get Right for Successful DevSecOps. “To address this issue, some providers offer an ‘OSS firewall’ (Sonatype Nexus Firewall) to expose the security posture of libraries to developers to make educated decisions about which versions to use. Using this approach, the developer can explicitly block downloads of components and libraries with known severe vulnerabilities (for example, based on the severity of the CVE assigned).”
Organizations using Nexus
- Defining and enforcing quality thresholds for RubyGems, RPM, PyPI, NuGet,
npmand Java components
- Analyzing and selectively admitting secure components
- Keeping production apps safe from risky components
- Read our latest blog post on RubyGems and RPM support
- Browse our Firewall Infographic
- View a demo of how Firewall blocks vulnerable RPM components in action
Sonatype is the world’s leading provider of vast data intelligence and DevOps-native developer tools to help organizations harness all the goodness in open source software, without any of the