AUTOMATED GOVERNANCE
Enforce policies automatically
Your teams decide together what level of risk your company is comfortable with. Then automatically enforce policies early and everywhere across the SDLC with few false positives or negatives.
Protect against risks that can exploit your software in ways that are harmful to your business or customers.
Protect against legal risk from open source license obligations. An example is the GPL license which requires public disclosure of source code.
Protect against risk from low-quality components. Sonatype uses a variety of metrics to assess quality including age and popularity.
This is a catch-all category to protect against any other kind of risk, usually related to organizational priorities. One example could be ownership of a component.
“A bill of materials, whether it’s of open source components or in house components, is a key part of the overall strategy on ensuring large software projects have trusted, secure components.”
SONATYPE REPOSITORY FIREWALL
Block malicious components
- Keep compromised components out
Receive detailed intelligence for healthier component choice early in development, so you can minimize risk without hindering productivity. As easy as adding packages. - Intercept malicious components
AI-powered behavioral analysis predicts malicious components days before any public advisory, protecting you from zero-day attacks. - Identify vulnerable open source
Protect your builds from vulnerable open-source through assigned risk profiles, allowing policy-based protection. - Integrate with your repository
Increase application security by using Sonatype Repository Firewall with Sonatype Nexus Repository. Intercept malicious components with early identification and warning. Also compatible with JFrog Artifactory.
“Through the use of the Sonatype Platform, our team can proactively ensure open source security vulnerabilities are precisely identified, managed and resolved before they can impact our customers.”
SONATYPE LIFECYCLE
Always-on open source security
- Monitor continuously for open source vulnerabilities
Establish an automated early warning system to get alerted on newly discovered vulnerabilities based on component, risk level, or applications affected. - Generate a Software Bill of Materials (SBOM)
Identify precisely what’s in your applications and containers with detailed SBOM reporting in minutes. Analyze and monitor your inventory for vulnerabilities and licensing issues. - Remediate vulnerabilities quickly
Prioritize remediation and development work based on Sonatype's enriched data and guidance. Know the exact location of any component, and its dependencies, to fix threats quickly.
