Sonatype Partners with Fugue
November 12, 2020

Sonatype announced a strategic partnership with Fugue to deliver an infrastructure-as-code (IaC) solution that shifts cloud security left into the developer workflow.

The partnership further advances the missions of Sonatype and Fugue to empower software developers with best-in-class tools so they can accelerate innovation and simultaneously improve application security, cloud infrastructure security, and continuous compliance with defined policy.

The combined capabilities of Sonatype and Fugue enable developers to find and fix security vulnerabilities when actively developing cloud applications, while at the same time preventing security vulnerabilities and compliance issues from surfacing in production due to misconfigured cloud infrastructure. The joint solution includes out-of-the-box guidance to assist developers when configuring IaC and automatically foster compliance with privacy and security standards, including CIS Foundations Benchmarks, GDPR, HIPAA, ISO 27001, NIST 800-53, PCI, SOC 2, and custom rules.

“Sonatype has a long and successful history of providing front-line software developers with friendly feedback pertaining to the health of open source libraries, making it easy for them to identify and remediate security risk, without slowing down innovation,” said Wayne Jackson, CEO of Sonatype. “In today’s cloud-native world, developers are not just responsible for building secure applications, they’re also responsible for configuring and provisioning secure cloud infrastructure using tools like Terraform. By working with Fugue, we’re equipping developers with the right information at the right time so they can always make healthy decisions when configuring IaC.”

In Q1 2021, Sonatype will offer new Nexus IaC capabilities as an add-on to its Nexus Lifecycle product that incorporates Fugue's cloud infrastructure security and compliance technology. This will make it possible for developers using Nexus Lifecycle to find and easily fix misconfigurations in Terraform plans before being applied to production infrastructure, and use those same policies with Fugue to ensure continuous compliance in production.

Additionally, Sonatype and Fugue will collaborate to bring the Fugue runtime SaaS continuous compliance solution to Sonatype customers.

“Sonatype and Fugue have a strong history of leadership in empowering developers to securely build and operate in order to keep their data safe. We’re proud to partner with them to deliver a single solution to address the full breadth of cloud security and compliance challenges,” said Phillip Merrick, CEO of Fugue. “The mutable nature of cloud APIs brings serious risk of post-deployment misconfiguration, and Sonatype and Fugue are making it possible for the first time to address all relevant cloud vulnerability surfaces — from initial development to runtime production environments — with a single solution using the same policies.”

Sonatype and Fugue are delivering a unified cloud security and compliance solution that empowers software developers to address the entire cloud threat landscape with:

- Open-source governance with Sonatype’s Nexus platform to shift security of software applications left to address open source risk and known vulnerabilities automatically at every phase of the CI/CD pipeline.

- Infrastructure-as-code governance with Sonatype’s new IaC capabilities, which integrate Fugue’s cloud infrastructure security and compliance technology for Terraform configurations.

- Continuous cloud compliance with Fugue to ensure cloud environments remain in compliance and free of misconfiguration vulnerabilities post-deployment — and demonstrate it at all times with automated reporting.

Share this

Industry News

May 19, 2022

Jellyfish announced the launch of Jellyfish Benchmarks, a way to add context around engineering metrics and performance by introducing a method for comparison.

May 19, 2022

Solo.io announced the addition and integration of Cilium networking into its Gloo Mesh platform, providing a complete application-networking solution for companies’ cloud-native digital transformation efforts.

May 19, 2022

Aqua Security announced multiple updates to Aqua Trivy, making it a unified scanner for cloud native security.

May 18, 2022

Red Hat unveiled updates across its portfolio of developer tools designed to help organizations build and deliver applications faster and more consistently across Kubernetes-based hybrid and multicloud environments.

May 18, 2022

Armory announced public early access to their new Continuous Deployment-as-a-Service product.

May 18, 2022

DataCore Software announced DataCore Bolt, enterprise-grade container-native storage software for DevOps.

May 17, 2022

DevOps Institute, a global professional association for advancing the human elements of DevOps, announced the release of the Upskilling IT 2022 report.

May 17, 2022

Replicated announced a host of new platform features and capabilities that enable their customers to accelerate enterprise adoption of their Kubernetes applications.

May 17, 2022

Codefresh announced that its flagship continuous delivery (CD) platform will be made accessible as a fully-hosted solution for DevOps teams seeking to quickly and easily achieve frictionless, GitOps-based continuous software delivery in the cloud.

May 16, 2022

Red Hat announced new capabilities and enhancements across its portfolio of open hybrid cloud solutions aimed at accelerating enterprise adoption of edge compute architectures through the Red Hat Edge initiative.

May 16, 2022

D2iQ announced a partnership with GitLab.

May 16, 2022

Kasten by Veeam announced the new Kasten by Veeam K10 V5.0 Kubernetes data management platform.

May 12, 2022

Red Hat introduced Red Hat Enterprise Linux 9, the Linux operating system designed to drive more consistent innovation across the open hybrid cloud, from bare metal servers to cloud providers and the farthest edge of enterprise networks.

May 12, 2022

Couchbase announced version 7.1 of Couchbase Server.

May 12, 2022

Copado added Copado Robotic Testing to Copado Essentials.