It’s no secret: developers use open source. In fact, around 85% of a modern application consists of open source components, and one in ten open source component downloads contains a known security vulnerability. Given this inherent risk, how do modern software teams select the best components, govern open source usage, and still deliver at DevOps speed? Automated open source governance.
Sonatype Nexus provides a developer-friendly, full-spectrum software supply chain management platform, helping more than 1,500 organisations and 15 million software developers accelerate innovation and improve application security at the same time.
Nexus Lifecycle empowers developers and security professionals to make safer open source choices across the SDLC, ensuring organizations continue to innovate with less risk.
- OSS security scanning and policy-based controls (block or flag components that violate your vulnerability and licence policies).
- Kubernetes-native container security.
- Infrastructure as Code (IaC) scanning (data-centre resources are provisioned through machine-readable definition files rather than by hand, so those files can be checked for misconfigurations before deployment).
- Advanced Legal Pack (maintaining compliance with OSS licensing obligations).
OSS Legal Compliance
Using open source software across the SDLC brings with it a large set of legal obligations: every component, and every transitive dependency it pulls in, carries a licence whose terms must be met, most commonly by reproducing copyright notices and licence text. These notices are known as legal attributions.
As a guideline, for a typical application with 260 dependencies, the effort required from the development and legal teams to ensure compliance is circa 58 hours. The Sonatype Advanced Legal Pack is specifically designed to address this burden. See the post: https://blog.sonatype.com/slaying-the-dragon-of-oss-legal-compliance-with-the-advanced-legal-pack
Report: State of the Software Supply Chain 2021
Read the 7th annual report from Sonatype on open source software development and learn why productivity does not have to come at the cost of reduced security. Full report here.
For further information on securing your SDLC and implementing strong governance around the use of open source software with Sonatype solutions, contact:
Tony O’Rourke. e: firstname.lastname@example.org Tel: +353 1 9011380