Opsera announced that two new patents have been issued for its Unified DevOps Platform, now totaling nine patents issued for the cloud-native DevOps Platform.
Sonatype released three integrations to automate DevSecOps practices for Atlassian customers.
The Nexus platform integrations will help Atlassian customers improve secure coding practices and enhance application security as organizations seek to innovate faster and build higher quality applications at scale.
To accelerate the delivery of new features and applications, developers are increasingly reliant on open source components. While eighty to ninety percent of a modern application is built from these open source software building blocks, 28% of developers acknowledge security breaches associated with the components they use. To help developers build safer applications faster, Sonatype is delivering three new Nexus platform integrations for Atlassian customers:
- Jira Software ticketing for Software Component Analysis (SCA) - The Nexus platform automatically creates Jira tickets that alert development teams when known security vulnerabilities, license risks, or architectural issues are found in open source software components being used in an application. Jira tickets are immediately put into daily development workflows for teams to triage with insight and remediation guidance.
- Bitbucket automated pull requests - The Nexus platform automatically informs developers of security or license risks within their open source dependencies and opens pull requests populated with recommended update and remediation paths. Bitbucket users can now remediate issues in seconds, armed with the world’s most robust intelligence around open source software components.
- Bitbucket Code Insights - The Nexus platform surfaces open source component security and license information relevant to a pull request. Developers using the Nexus platform integrated with Code Insights are notified when a change they make introduces risk, with contextual feedback for the individual branch they are working on, and the exact open source components that introduced the risk. This kind of information accelerates feedback loops for Bitbucket users that are critical to successful DevSecOps practices.
Sonatype’s new integrations work inside Bitbucket Cloud and Server.
“We’ve analyzed over 70 million open source software components to ensure developers have rapid, precise access to information about their quality and security,” says Brian Fox, co-founder and CTO of Sonatype. “The Atlassian integrations benefit from Sonatype’s deep, precise data. Not only is our database of vulnerable components 70% larger than other market alternatives, our data is curated to provide the most value and insight for the developers who need it.”
Sonatype is a member of the Atlassian Platform Partner Program, a collaboration that supports developer tooling -- other members include Jenkins, McAfee and Micro Focus.
Industry News
mabl announced the addition of mobile application testing to its platform.
Spectro Cloud announced the achievement of a new Amazon Web Services (AWS) Competency designation.
GitLab announced the general availability of GitLab Duo Chat.
SmartBear announced a new version of its API design and documentation tool, SwaggerHub, integrating Stoplight’s API open source tools.
Red Hat announced updates to Red Hat Trusted Software Supply Chain.
Tricentis announced the latest update to the company’s AI offerings with the launch of Tricentis Copilot, a suite of solutions leveraging generative AI to enhance productivity throughout the entire testing lifecycle.
CIQ launched fully supported, upstream stable kernels for Rocky Linux via the CIQ Enterprise Linux Platform, providing enhanced performance, hardware compatibility and security.
Redgate launched an enterprise version of its database monitoring tool, providing a range of new features to address the challenges of scale and complexity faced by larger organizations.
Snyk announced the expansion of its current partnership with Google Cloud to advance secure code generated by Google Cloud’s generative-AI-powered collaborator service, Gemini Code Assist.
Kong announced the commercial availability of Kong Konnect Dedicated Cloud Gateways on Amazon Web Services (AWS).
Pegasystems announced the general availability of Pega Infinity ’24.1™.
Sylabs announces the launch of a new certification focusing on the Singularity container platform.
OpenText™ announced Cloud Editions (CE) 24.2, including OpenText DevOps Cloud and OpenText™ DevOps Aviator.
Postman announced its acquisition of Orbit, the community growth platform for developer companies.