Sonatype Releases New Version of Free Repository Health Check
May 24, 2017

Sonatype released the next generation of its free Repository Health Check (RHC) feature within its flagship Nexus Repository product.

As of today, all 120,000 organizations using Nexus will benefit immediately from the ability to automatically analyze the quality and security of open source software components housed within their Nexus Repository as part of their DevOps pipeline.

While open source and third-party software components bring greater efficiency to application development, they are not without their weaknesses. According to the 2017 DevSecOps Community Survey, 1-in-5 organizations confirmed or suspected a breach related to known vulnerabilities in open source components used in their applications -- up 50% over the past three years.

With the introduction of the next-generation RHC, Nexus Repository users can now automatically identify open source security risks at the earliest stages of their DevOps pipeline.

Specifically, the RHC feature empowers software development teams with three important capabilities:

- Provides actionable guidance on which components housed in the repository manager should be upgraded or replaced.

- Prioritizes the list of vulnerable components by severity and impact, detailing how many times each component was downloaded from the repository manager by developers in the past 30 days.

- Reveals month-over-month metrics on the hygiene of the organization’s software supply chain to identify improving standards or worrisome trends.

“To maximize velocity and quality, DevOps-native teams must address security issues at the beginning -- not the end -- of the development lifecycle,” said Wayne Jackson, CEO of Sonatype. “Sonatype was first to market with the Repository Health Check capability in 2012 and today it evaluates more than 50 million components across 25,000 repositories every day. With our next-generation features, Nexus Repository customers can feel confident their development practices are building in security from the start.”

The next-generation RHC feature is available now as part of the Nexus Repository 3.3 release.
