Sonatype Releases New Version of Free Repository Health Check
May 24, 2017

Sonatype released the next generation of its free Repository Health Check (RHC) feature within its flagship Nexus Repository product.

As of today, all 120,000 organizations using Nexus will benefit immediately from the ability to automatically analyze the quality and security of open source software components housed within their Nexus Repository as part of their DevOps pipeline.

While open source and third-party software components bring greater efficiency to application development, they are not without their weaknesses. According to the 2017 DevSecOps Community Survey, 1-in-5 organizations confirmed or suspected a breach related to known vulnerabilities in open source components used in their applications -- up 50% over the past three years.

With the introduction of the next-generation RHC, Nexus Repository users can now automatically identify open source security risks at the earliest stages of their DevOps pipeline.

Specifically, the RHC feature empowers software development teams with three important capabilities:

- Provides actionable guidance on which components housed in the repository manager should be upgraded or replaced.

- Prioritizes the list of vulnerable components by severity and impact, detailing how many times each component was downloaded from the repository manager by developers in the past 30 days.

- Reveals month-over-month metrics on the hygiene of the organization’s software supply chain to identify improving standards or worrisome trends.

“To maximize velocity and quality, DevOps-native teams must address security issues at the beginning -- not the end -- of the development lifecycle,” said Wayne Jackson, CEO of Sonatype. “Sonatype was first to market with the Repository Health Check capability in 2012 and today it evaluates more than 50 million components across 25,000 repositories every day. With our next-generation features, Nexus Repository customers can feel confident their development practices are building in security from the start.”

The next-generation RHC feature is available now as part of the Nexus Repository 3.3 release.

The Latest

March 22, 2018

When it comes to smart app development, I have learned plenty of lessons over my years in technology. Here are five that are top of mind for me ...

March 21, 2018

Do you spend more time worrying about the "up-time" of your servers than the productivity of the employees who use them? Are you overly concerned with systems maintenance rather than software use cases? If you answered yes to any of those questions, you may need to consider low-code development ...

March 19, 2018

The global DevOps market size is expected to reach USD 12.85 billion by 2025, according to a new study by Grand View Research, registering an 18.60% CAGR during the forecast period ...

March 15, 2018

More than half of companies (52%) admit to cutting back on security measures to meet a business deadline or objective, according to a SecOps research report released by Threat Stack ...

March 13, 2018

While microservices can certainly be used for greenfield projects, the survey suggests that this is not the sole source of value. In fact, more than half of respondents indicate that they are also using microservices to re-architect existing projects. The reality we see is that microservices can offer value to users along their IT transformation journey — whether they are just looking to update their current application portfolio or are gearing up for new initiatives ...

March 12, 2018

As DevOps teams and developers are looking to make 2018 the year in which technical crises are avoided, continuous testing should be at the top of their resolutions list. Here are four steps developers and DevOps teams can take to ensure the benefits of continuous testing are effectively implemented throughout the development process ...

March 08, 2018

Digital leaders will outpace their rivals by adopting methodologies and mindsets that shorten software delivery cycles. They'll also get really, really good at rapid, iterative change following design thinking principles ...

March 06, 2018

There are six major pain points that companies experience when they try to deploy and run Kubernetes in their complex environments, and there are also some best practices companies can use to address those pain points ...

March 05, 2018

With more than 30 Kubernetes solutions in the marketplace, it's tempting to think Kubernetes and the vendor ecosystem has solved the problem of operationalizing containers at scale. Far from it. There are six major pain points that companies experience when they try to deploy and run Kubernetes in their complex environments, and there are also some best practices companies can use to address those pain points ...

March 01, 2018

With the growing adoption of tablets and smartphones, companies are constantly seeking new web technologies that support multiple device types in addition to traditional desktops. At the same time, they are continually adding capabilities to their web applications that help users visualize and analyze data regardless of the platform or device used. To keep up in this changing technology environment, organizations must deliver these complex applications quickly, with high quality, and yet find ways to maximize their investment in these apps over the long haul ...

Share this