Sonatype Introduces Advanced Development Pack
October 15, 2020

Sonatype unveiled the Advanced Development Pack.

This new offering, available to Nexus Lifecycle customers, ensures developers select the highest quality OSS components that are used to build 90% of a modern application.

The Advanced Development Pack's dependency management enables developers to choose components based on project quality, ease-of-upgrade, and advanced knowledge of abnormal committer behavior, giving them confidence they've chosen the highest quality component available. It helps developers understand:

the cost of migrating to a newer or safer version and whether it is possible to do so without breaking their code
The performance of OSS projects they are choosing when it comes to release frequency, cadence of dependency updates, development team size, and popularity - helping guide choices to a higher quality pool of components
The frequency in which dependencies have become vulnerable and are remediated - helping them better grasp the cost and threat of relying on such packages
When suspicious behavior has been observed in project code commits - providing an early warning to malicious injection attacks from adversaries

With more than 67% of developers regularly impacted when dependency upgrades break the functionality of their application, Sonatype's Advanced Development Pack removes the guesswork, and tells developers exactly which dependencies provide the least costly upgrade path in terms of effort. Enhanced capabilities include: 

Breaking changes - enabling developers to instantly see which component version upgrades will require the least effort with the fewest breaking changes.

Release integrity - early warning system using AI and ML to automatically identify and block next-gen software supply chain attacks relying on typosquatting and malicious code injection. In the past 90 days, the malicious code detection bots supporting this feature have discovered 43 new malicious packages including electorn and loadyaml.

Project Hygiene Rating - health & hygiene rating system enabling developers to select projects with the very best track records of release frequency, popularity, vulnerability remediation times, developer staffing, and other performance attributes.  The exemplar, neutral, and laggard ratings assigned to each component were determined by a deep analysis of 30,000 OSS projects over a five year period.

Transitive Solver - tackling a project's overall risk and not just individual dependencies, Sonatype's transitive solver provides comprehensive remediation advice for solving both direct and transitive dependencies - all without violating policies or failing builds.

Component Chooser - an engine that helps developers search and compare OSS components in order to select the highest quality options. Component quality takes into account the project's hygiene rating, security and license compliance, and awareness of where else the component is being used within the developer's organization. This feature - currently in beta - will be generally available in 2021. 

"Developer ownership of the security and reliability of their code is increasingly important. With the Advanced Development Pack, we're bringing the most comprehensive set of data on OSS projects to their fingertips." said Brian Fox, CTO of Sonatype. "As a developer myself, my aim has always been to deliver the highest quality code to customers in the shortest period of time.  But when breaking changes, compliance issues, version control, and cybersecurity vulnerabilities pop-up, delivery timelines are challenged.  By reducing these speed bumps to delivery, we're going to make a lot of developers happier and enable them to spend more time innovating and less time fixing their code." 

Share this

Industry News

October 29, 2020

Cisco announced new software-delivered solutions designed to simplify IT operations across on-premise data centers and multicloud environments.

October 29, 2020

Bugsnag announced availability of user stability analytics, which will help developers gain a clearer understanding of how application errors are impacting the user experience and other key performance indicators (KPIs) for the business, as well as offer insights on whether to fix bugs or build new features.

October 29, 2020

HAProxy Technologies announced an open-source release of a VMware Open Virtual Appliance (OVA) virtual machine image of the HAProxy load balancer for vSphere, which HAProxy Technologies will maintain on GitHub.

October 28, 2020

Progress announced a number of new innovations designed to facilitate adoption and at-scale deployment of Chef offerings for both new and experienced users of the DevSecOps portfolio.

October 28, 2020

StackRox announced the release of KubeLinter, its new open source static analysis tool to identify misconfigurations in Kubernetes deployments.

October 28, 2020

Vercel announced Next.js 10 featuring a number of new capabilities that accelerate frontend developers’ ability to enrich end users’ web experiences globally.

October 27, 2020

ThinkTank has released a suite of applications designed to keep distributed agile teams aligned and engaged, regardless of physical location.

October 27, 2020

Cloudify, a Service Orchestration and Automation Platform, announced its latest 5.1 product release which aims to take one step further to permanently remove silos and roadblocks that are consistently associated with migration to the public cloud.

October 27, 2020

WhiteSource announced its new native integration for Microsoft Azure DevOps services.

October 26, 2020

NetApp unveiled a new serverless and storageless solution for containers from Spot by NetApp, a new autonomous hybrid cloud volume platform, and cloud-based virtual desktop solutions.

October 26, 2020

GeneXus released GeneXus 17, a new version of its platform that empowers enterprises to create and evolve new applications at unprecedented speed.

October 26, 2020

Alcide announced the company’s security solutions are now integrated with AWS Security Hub, sending real-time threat intelligence and compliance information to Amazon Web Services (AWS) for easy consumption by Security and DevSecOps teams.

October 22, 2020

Puppet announced Puppet Comply, a new product built to work with Puppet Enterprise aimed at assessing, remediating, and enforcing infrastructure configuration compliance policies at scale across traditional and cloud environments.

October 22, 2020

Harness announced two new modules: Continuous Integration Enterprise and Continuous Features.

October 22, 2020

Render announced automatic preview environments which are essential for rapid and collaborative development of modern applications.