Financial services organizations are high value targets for cyber criminals all over the world. Because of this, it is imperative that the keys and certificates used by financial service DevOps teams are properly protected. If not, bad actors can easily exploit cryptographic assets and wreak havoc on sensitive corporate data, all while remaining undetected ...
Sonatype has released a new version of Nexus Lifecycle that includes an extension to Microsoft Visual Studio, an integrated development environment (IDE).
This new Nexus Lifecycle integration empowers millions of Visual Studio developers with direct access to Sonatype's open source intelligence engine so they can easily vet component quality and automatically ensure compliance with defined security, licensing and architectural policies such as component age or popularity.
Furthermore, because Sonatype has long delivered component intelligence for NuGet packages and since Sonatype’s popular Nexus Repository Manager is already capable of being integrated with Microsoft Team Foundation Server and Visual Studio Team Services -- Sonatype now offers Microsoft development teams a fully automated open source governance and security platform that scales early and everywhere across every phase of the modern DevOps pipeline.
DevOps-native development teams equipped with Microsoft Visual Studio, Microsoft Team Foundation Server, Nexus Repository Manager, and Nexus Lifecycle can automatically and continuously govern the flow of open source components from the very beginning, to the very end, of the software development lifecycle. The result is that teams will make better choices early in the value chain and eliminate waste and friction associated with late-stage application security practices, legacy software component analysis tools, and waterfall-native development processes.
Wayne Jackson, CEO, Sonatype, said: “Our Nexus platform integrated with popular Microsoft development tools empowers organizations with a comprehensive component governance service early and everywhere across the development lifecycle. By embracing the supply chain automation principles taught by Deming and applying them to modern software development, DevOps-native teams can automatically ensure that all open source libraries in an application are of the highest standards.”
Sam Guckenheimmer, Group Product Planner, Microsoft, added: “The development community using Microsoft Visual Studio Team Services and Team Foundation Server can now rely on the intelligence built into Sonatype’s Nexus products to improve the quality, security, and speed of their software supply chains. We’re pleased to see Sonatype continuing to extend their support for our DevOps and developer solutions as part of our partner ecosystem.”