No matter what packages are included in your open source development pipelines, Nexus Lifecycle will ensure you only use the ones previously vetted. While open source packages radically speed up the build and release cycles, your DevOps team may be using unwanted components without being aware of the risks.
The Nexus Lifecycle tool secures your entire CI/CD pipeline for each stage of the lifecycle, and automatically categorizes risks, highlights policy violations, and intelligently enforces security throughout your supply chain.
Nexus Lifecycle features include:
- Define your open source component policies by company, team, or even application types
- Visualize component intelligence inside your JFrog Artifactory
or Nexus Repository Manager repositories
- Supported Rest API that allows you to pair component intelligence with your own, in-house applications
With an accuracy of 99% and over 30 000 new packages scanned every day, you can reduce your Mean Time to Repair (MTTR) from weeks to a matter of seconds. Nexus Lifecycle also integrates with major pipeline tools including Jenkins, Hudson, Atlassian Bamboo, Maven, Docker, Eclipse, Visual Studio, IntelliJ IDEA, SonarQube, and others.