New Capabilities Will Accelerate Secure Coding Practices Across the SDLC
Sonatype, makers of open source governance and software supply chain management solutions, released three integrations to automate DevSecOps practices for Atlassian customers. The Nexus platform integrations will help Atlassian customers improve secure coding practices and enhance application security as organizations seek to innovate faster and build higher quality applications at scale.
To accelerate the delivery of new features and applications, developers are increasingly reliant on open source components. While eighty to ninety percent of a modern application is built from these open source software building blocks, 28% of developers acknowledge security breaches associated with the components they use.
Recommended AI News: Women-Led Tech Start-Up Creates Digital Tool to Combat COVID-19 in Developing World
To help developers build safer applications faster, Sonatype is delivering three new Nexus platform integrations for Atlassian customers:
Jira Software ticketing for Software Component Analysis (SCA) – The Nexus platform automatically creates Jira tickets that alert development teams when known security vulnerabilities, license risks, or architectural issues are found in open source software components being used in an application. Jira tickets are immediately put into daily development workflows for teams to triage with insight and remediation guidance.
Bitbucket automated pull requests – The Nexus platform automatically informs developers of security or license risks within their open source dependencies and opens pull requests populated with recommended update and remediation paths. Bitbucket users can now remediate issues in seconds, armed with the world’s most robust intelligence around open source software components.
Bitbucket Code Insights – The Nexus platform surfaces open source component security and license information relevant to a pull request. Developers using the Nexus platform integrated with Code Insights are notified when a change they make introduces risk, with contextual feedback for the individual branch they are working on, and the exact open source components that introduced the risk. This kind of information accelerates feedback loops for Bitbucket users that are critical to successful DevSecOps practices.
Recommended AI News: Merkle RMG Appoints Phil Yamamoto as President
Sonatype’s new integrations work with Bitbucket Cloud and Server.
“We’ve analyzed over 70 million open source software components to ensure developers have rapid, precise access to information about their quality and security,” says Brian Fox, co-founder and CTO of Sonatype. “The Atlassian integrations benefit from Sonatype’s deep, precise data. Not only is our database of vulnerable components 70% larger than other market alternatives, our data is curated to provide the most value and insight for the developers who need it.”
Sonatype is a member of the Atlassian Platform Partner Program, a collaboration that supports developer tooling — other members include Jenkins, McAfee and Micro Focus.
Recommended AI News: Investing in Rewarding Moments: Prodege Acquires Popular Education-Savings Rewards Business Upromise
Comments are closed, but trackbacks and pingbacks are open.