Sonatype’s Nexus Platform and Solutions
Sonatype started in 2008 and helps companies harness the potential that open source software development initiatives provide while reducing the associated risk. With employees distributed around the world, Sonatype continues to increase organizational productivity while ensuring you never compromise application security.
The brand used to identify the Sonatype solutions is Nexus, with products that include firewalls, application lifecycle management (ALM), auditing solutions as well as repository management and security tools. The tools are enterprise-grade solutions, with the repository manager also being available under an open source license and free trials available for all Nexus products.
The Nexus Firewall product ensures you only keep the good components in your repository and remove all the bad ones. Nexus Firewall uses machine learning and persistent scanning to ensure unwanted bits of code never make it to your source repository.
The Nexus Firewall will:
- Continuously audit your repository and remove unwanted components from the distribution pipeline
- Notify you once it finds and quarantines any components that pose a risk
Nexus Firewall integrates with both JFrog Artifactory and the Nexus Repository Manager. Therefore, you can quickly secure your DevOps perimeter and safely execute releases using the Nexus Firewall.
No matter what packages are included in your open source development pipelines, Nexus Lifecycle will ensure you only use the ones previously vetted. While open source packages radically speed up the build and release cycles, your DevOps team may be using unwanted components without being aware of the risks.
The Nexus Lifecycle tool secures your entire CI/CD pipeline for each stage of the lifecycle, and automatically categorizes risks, highlights policy violations, and intelligently enforces security throughout your supply chain.
Nexus Lifecycle features include:
- Define your open source component policies by company, team, or even application types
- Visualize component intelligence inside your JFrog Artifactory or Nexus Repository Manager repositories
- Supported REST API that allows you to pair component intelligence with your own in-house applications
With an accuracy of 99% and over 30 000 new packages scanned every day, you can reduce your Mean Time to Repair (MTTR) from weeks to a matter of seconds. Nexus Lifecycle also integrates with major pipeline tools including Jenkins, Hudson, Atlassian Bamboo, Maven, Docker, Eclipse, Visual Studio, IntelliJ IDEA, SonarQube, and others.
The Nexus Auditor ensures your software remains secure and no license violations occur during build, test, and release cycles. Using component intelligence, you can drill down into any portion of the software and create policies that ensure your team’s compliance. Nexus Auditor will generate a complete BOM (Bill of Materials) of your software, including any COTS (Commercial off the Shelf) products used in your pipelines.
The Nexus Auditor will help you:
- Evaluate and document the insides of your software as a comprehensive BOM
- Pinpoint security vulnerabilities, quality issues, or licensing risks
- Correct risks quickly and completely in order to efficiently remediate your pipeline’s security
- Notify you of unwanted components located in the application lifecycle (ALC) stages
- Waive violations according to contextual analysis or manual exceptions
Nexus Auditor also provides reporting and analytical features so that you can quickly communicate new risks as you become aware of them.
Nexus Repository Manager
Available in both open source and professional editions, the Nexus Repository Manager supports all popular package formats to manage components and build artifacts. The Nexus Repository Manager delivers a single source of truth for your entire DevOps lifecycle.
Features of the Nexus Repository Manager include:
- Component Management including artifact building and centralized release control
- Intelligent staging and release to modernize your software quickly
- Scalability and high availability for DevOps tasks including active clustering
- Complete DevOps lifecycle support from binaries, containers, assemblies, to final products
- Integration with all major package formats
- Integration with all major code build, review, collaboration, and delivery tools
ReleaseTEAM as Your Sonatype Nexus Implementation Partner
ReleaseTEAM can assist with every facet of a Nexus Solution implementation or update project. The ReleaseTEAM experts have served in the software revolution trenches since 1999 and have seen every permutation of a DevOps lifecycle improvement initiative. ReleaseTEAM offers software sales and support, application lifecycle consultancy, staff training and mentoring, as well as workforce augmentation services.