Sonatype, the company that scales DevOps through open source governance and software supply chain automation, and NeuVector, the leader in full lifecycle container security, today announced a new integration that provides a comprehensive view of all Kubernetes and Container open source risk in one place.

The use of Kubernetes and Containers has skyrocketed in recent years. According to Red Hat’s 2020 edition of The State of Enterprise Open Source report, 56% of organizations polled said they expected their use of containers to increase in the next 12 months. Similarly, a 2019 CNCF report found that more than 50% of companies are running 250 or more containers. But, as pointed out in NeuVector’s Ultimate Guide to Kubernetes Security, Kubernetes and Containers are just as vulnerable to attacks and exploits from hackers and insiders as traditional environments, making streamlined security critical to all enterprises.

With NeuVector’s container vulnerability scanning integrated directly into Sonatype’s Nexus Lifecycle, users will be able to use Nexus Lifecycle’s unrivaled policy engine to set detailed parameters to generate a complete software bill of materials, with a single view of any associated risk. This integration further enables accurate identification and detailed remediation guidance for application-level vulnerabilities and virtual patching to protect production workloads that contain vulnerabilities.

“As container security becomes mission critical to DevSecOps, it’s vital that organizations aren’t just ‘checking-the-box’ within an SCA solution. Customers need a holistic approach to analyze, monitor and track the contents and runtime configurations of their containers to realize risk,” said Brian Fox, CTO and Co-founder of Sonatype. “This is why we are partnering with NeuVector and bringing its best-in-class capabilities to our customers. Combined with Nexus Lifecycle’s policy engine, we will be providing one of the most robust, sustainable, and scalable solutions for containers.”

“End-to-end container threat visibility and protection is vital to defending enterprises’ micro-perimeters from increasingly sophisticated attacks and to ensure regulatory compliance,” said Gary Duan, CTO, NeuVector. “We’re excited to partner with Sonatype and to pair NeuVector with their award-winning Nexus platform. By integrating these complementary technologies, DevOps teams are better equipped to comprehensively view security risks at-a-glance, introduce security policy as code, leverage virtual patching, and safeguard production workloads.”
