Sonatype, the leader in software supply chain automation, today released Nexus Firewall (patent pending). Nexus Firewall provides perimeter quality control for software development. Similar to a network firewall, it applies a set of organizationally defined rules through automation to keep obsolete or dangerous open source and other third-party components from entering or exiting application development.
“Of the billions of components downloaded each year from public repositories, 1 in 16 has a known vulnerability,” said Wayne Jackson, CEO, Sonatype. “Now organizations can shield themselves from dangerous or outdated components entering their software supply chain with automated policy enforcement integrated at the earliest stage in the software development process, the repository manager.”
Today there are tens of thousands of installations of Nexus Repository. These organizations can gain from the many benefits of Nexus Firewall, including:
• Leverages automation to immediately reduce exposure and cut waste from application development: blocking and quarantining OSS components that do not meet policies avoids unnecessary rework.
• Improves overall development decision making, yielding significantly improved development hygiene through use of better, safer OSS components at the earliest point in the development process – the repository manager.
• Automates open source governance policies at the earliest point in software development – the repository manager.
• Prevents vulnerable and undesirable components from entering your software supply chain, by blocking and quarantining any components that don’t meet policy requirements
• Provides detailed reports about the components that are in your repository manager, including license obligations, known security vulnerabilities, industry adoption rates, and quarantine status.
• Prevents applications with known vulnerable and undesirable components from being released into production.
• Simple deployment for nearly immediate benefit to Nexus Repository users.
Added Jackson, “Toyota transformed manufacturing with their supply chain innovations. Sonatype is bringing Toyota principles to DevOps, using automation to revolutionize the consumption, integration and distribution of components used in high velocity software development and delivery environments.”