Sonatype, the leader in software supply chain automation, today announced that it has released a new version of Nexus Lifecycle that includes an extension to Microsoft Visual Studio, a popular integrated development environment (IDE). This new Nexus Lifecycle integration empowers millions of Visual Studio developers with direct access to Sonatype’s open source intelligence engine so they can easily vet component quality and automatically ensure compliance with defined security, licensing and architectural policies such as component age or popularity.
Furthermore, because Sonatype has long delivered component intelligence for NuGet packages and since Sonatype’s popular Nexus Repository Manager is already capable of being integrated with Microsoft Team Foundation Server and Visual Studio Team Services — Sonatype now offers Microsoft development teams a fully automated open source governance and security platform that scales early and everywhere across every phase of the modern DevOps pipeline.
Findings from Sonatype’s 2017 DevSecOps community survey indicate that only 34% of respondents conduct open source security analysis during the initial development stage. The vast majority of survey respondents indicate they wait until QA/testing or just prior to release to analyze components for security vulnerabilities, representing a legacy and waterfall-native approach to application hygiene leads to expensive rework and inevitably creates friction between developers and security professionals.
The good news is that beginning today, DevOps-native development teams equipped with Microsoft Visual Studio, Microsoft Team Foundation Server, Nexus Repository Manager, and Nexus Lifecycle can automatically and continuously govern the flow of open source components from the very beginning, to the very end, of the software development lifecycle. The result is that teams will make better choices early in the value chain and eliminate waste and friction associated with late-stage application security practices, legacy software component analysis tools, and waterfall-native development processes.
“Our Nexus platform integrated with popular Microsoft development tools empowers organizations with a comprehensive component governance service early and everywhere across the development lifecycle. By embracing the supply chain automation principles taught by Deming and applying them to modern software development, DevOps-native teams can automatically ensure that all open source libraries in an application are of the highest standards,” said Wayne Jackson, CEO. Sonatype