Sonatype Nexus Platform Offers 3 New DevOps Integrations for Atlassian
June 08, 2020

Sonatype released three integrations to automate DevSecOps practices for Atlassian customers.

The Nexus platform integrations will help Atlassian customers improve secure coding practices and enhance application security as organizations seek to innovate faster and build higher quality applications at scale.

To accelerate the delivery of new features and applications, developers are increasingly reliant on open source components. While eighty to ninety percent of a modern application is built from these open source software building blocks, 28% of developers acknowledge security breaches associated with the components they use. To help developers build safer applications faster, Sonatype is delivering three new Nexus platform integrations for Atlassian customers:

- Jira Software ticketing for Software Component Analysis (SCA) - The Nexus platform automatically creates Jira tickets that alert development teams when known security vulnerabilities, license risks, or architectural issues are found in open source software components being used in an application. Jira tickets are immediately put into daily development workflows for teams to triage with insight and remediation guidance.

- Bitbucket automated pull requests - The Nexus platform automatically informs developers of security or license risks within their open source dependencies and opens pull requests populated with recommended update and remediation paths. Bitbucket users can now remediate issues in seconds, armed with the world’s most robust intelligence around open source software components.

- Bitbucket Code Insights - The Nexus platform surfaces open source component security and license information relevant to a pull request. Developers using the Nexus platform integrated with Code Insights are notified when a change they make introduces risk, with contextual feedback for the individual branch they are working on, and the exact open source components that introduced the risk. For Bitbucket users, this kind of information accelerates the feedback loops that are critical to successful DevSecOps practices.

Sonatype’s new integrations work inside Bitbucket Cloud and Server.

“We’ve analyzed over 70 million open source software components to ensure developers have rapid, precise access to information about their quality and security,” says Brian Fox, co-founder and CTO of Sonatype. “The Atlassian integrations benefit from Sonatype’s deep, precise data. Not only is our database of vulnerable components 70% larger than other market alternatives, our data is curated to provide the most value and insight for the developers who need it.”

Sonatype is a member of the Atlassian Platform Partner Program, a collaboration that supports developer tooling; other members include Jenkins, McAfee and Micro Focus.
