Sonatype Adds Native Container Scanning to Nexus Lifecycle
August 14, 2017

Sonatype released a new version of its Nexus Lifecycle product which now includes a built-in service that enables software development teams to automatically and continuously examine the security and quality of open source components used within container images.

The free service, known as Lifecycle Container Analysis (LCA), gives customers the ability to surface intelligence with respect to the quality of open source components inside of a container image and automatically apply and manage policies based on the results.

With LCA, Nexus Lifecycle customers can now automatically govern open source hygiene for containerized applications in the same way they have long governed hygiene for non-containerized applications.

Additionally, by using Sonatype’s Nexus Repository as a free, private Docker registry, these same customers can easily organize, manage, and distribute trusted containers across their DevOps pipelines.

Wayne Jackson, CEO, Sonatype, said: "Rather than treating security as an afterthought, high performance technology organizations view containers as an unprecedented opportunity to embed automated security controls into every phase of the software delivery pipeline. We have hundreds of enterprise customers like Goldman Sachs, Intuit, and Liberty Mutual already using Nexus Lifecycle to continuously govern the security and quality of open source components being used within their applications -- and beginning today the remarkable intelligence of Nexus Lifecycle has been extended to containers as well.”

Share this

Industry News

November 04, 2024

Progress announced the completion of the acquisition of ShareFile, a business unit of Cloud Software Group, providing a SaaS-native, AI-powered, document-centric collaboration platform, focusing on industry segments including business and professional services, financial services, industrial and healthcare.

November 04, 2024

Incredibuild announced the acquisition of Garden, a provider of DevOps pipeline acceleration solutions.

October 31, 2024

The Open Source Security Foundation (OpenSSF) announced an expansion of its free course “Developing Secure Software” (LFD121).

October 31, 2024

Redgate announced that its core solutions are listed in Amazon Web Services (AWS) Marketplace.

October 30, 2024

LambdaTest introduced a suite of new features to its AI-powered Test Manager, designed to simplify and enhance the test management experience for software development and QA teams.

October 30, 2024

StackHawk launched Oversight to provide security teams with a birds-eye view of their API security program.

October 30, 2024

DataStax announced the enhancement of its GitHub Copilot extension with its AI Platform-as-a-Service (AI PaaS) solution.

October 30, 2024

Opsera partnered with Databricks to empower software and DevOps engineers to deliver software faster, safer and smarter through AI/ML model deployments and schema rollback capabilities.

October 29, 2024

GitHub announced the next evolution of its Copilot-powered developer platform.

October 29, 2024

Crowdbotics released an extension for GitHub Copilot, available now through the GitHub and Azure Marketplaces.

October 28, 2024

Copado has integrated Copado AI into its Community to streamline support and accelerate issues resolution.

October 28, 2024

Mend.io and HeroDevs have forged a new partnership allowing Mend.io to offer HeroDevs support for deprecated packages.

October 28, 2024

Synechron has acquired Cloobees, a Salesforce implementation partner.

October 24, 2024

Opsera announced its AI Code Assistant Insights.