Delivers automated open source governance to DevOps native teams using Microsoft tools
Fulton, MD – June X, 2017 – Sonatype, the leader in software supply chain automation, today announced that it has released a new version of Nexus Lifecycle that includes an extension to Microsoft Visual Studio, a popular integrated development environment (IDE). This new Nexus Lifecycle integration empowers millions of Visual Studio developers with direct access to Sonatype’s open source intelligence engine so they can easily vet component quality and automatically ensure compliance with defined security, licensing and architectural policies such as component age or popularity.
Furthermore, because Sonatype has long delivered component intelligence for NuGet packages and since Sonatype’s popular Nexus Repository Manager is already capable of being integrated with Microsoft Team Foundation Server — Sonatype now offers Microsoft development teams a fully automated open source governance and security platform that scales early and everywhere across every phase of the modern DevOps pipeline.
Findings from Sonatype’s 2017 DevSecOps community survey indicate that only 34% of respondents conduct open source security analysis during the initial development stage. The vast majority of survey respondents indicate they wait until QA/testing or just prior to release to analyze components for security vulnerabilities, representing a legacy and waterfall-native approach to application hygiene which leads to expensive rework and inevitably creates friction between developers and security professionals.
The good news is that beginning today, DevOps-native development teams equipped with Microsoft Visual Studio, Microsoft Team Foundation Server, Nexus Repository Manager, and Nexus Lifecycle can automatically and continuously govern the flow of open source components from the very beginning, to the very end, of the software development lifecycle. The result is that teams will make better choices early in the value chain and eliminate waste and friction associated with late-stage application security practices, legacy software component analysis tools, and waterfall-native development processes.
Wayne Jackson, CEO, Sonatype
“Our Nexus platform integrated with popular Microsoft development tools empowers organizations with a comprehensive component governance service early and everywhere across the development lifecycle. By embracing the supply chain automation principles taught by Deming and applying them to modern software development, DevOps-native teams can automatically ensure that all open source libraries in an application are of the highest standards.”
Sam Guckenheimmer, Group Product Planner, Microsoft
“The Microsoft Visual Studio and Team Foundation Server development community can now rely on the intelligence built into Sonatype’s Nexus products to improve the quality, security, and speed of their software supply chains. We’re pleased to see Sonatype continuing to extend their support for our DevOps and developer solutions as part of our partner ecosystem.”
● Install the Nexus IQ Extension from within Microsoft Visual Studio or download at the Visual Studio Marketplace
● See the Visual Studio integration in this video [need video and URL]
● Learn more about the Nexus Lifecycle
● Learn more about Sonatype software supply chain automation solutions
Sonatype is the leading provider of DevOps-native tools to automate modern software supply chains. As the creators of Apache Maven, the Central Repository, and Nexus Repository, Sonatype pioneered componentized software development and has a rich history of supporting open source innovation. Today, more than 120,000 organizations depend on Sonatype’s Nexus platform to govern the volume, variety, and quality of open source components flowing into modern software applications. Sonatype is privately held with investments from New Enterprise Associates (NEA), Accel Partners, Hummer Winblad Venture Partners, Morgenthaler Ventures, Bay Partners and Goldman Sachs. Learn more at www.sonatype.com