Sonatype Partners with NeuVector
September 16, 2020

Sonatype and NeuVector announced a new integration that provides a comprehensive view of all Kubernetes and Container open source risk in one place.

With NeuVector’s container vulnerability scanning integrated directly into Sonatype’s Nexus Lifecycle, users will be able to use Nexus Lifecycle’s unrivaled policy engine to set detailed parameters to generate a complete software bill of materials, with a single view of any associated risk. This integration further enables accurate identification and detailed remediation guidance for application-level vulnerabilities and virtual patching to protect production workloads that contain vulnerabilities.

“As container security becomes mission critical to DevSecOps, it’s vital that organizations aren’t just “checking-the-box” within an SCA solution. Customers need a holistic approach to analyze, monitor and track the contents and runtime configurations of their containers to realize risk," said Brian Fox, CTO and Co-founder of Sonatype. "This is why we are partnering with NeuVector and bringing its best-in-class capabilities to our customers. Combined with Nexus Lifecycle's policy engine, we will be providing one of the most robust, sustainable, and scalable solutions for containers."

“End-to-end container threat visibility and protection is vital to defending enterprises' micro-perimeters from increasingly sophisticated attacks and to ensure regulatory compliance,” said Gary Duan, CTO, NeuVector.

“By integrating these complementary technologies, DevOps teams are better equipped to comprehensively view security risks at-a-glance, introduce security policy as code, leverage virtual patching, and safeguard production workloads,” Duan added.

Share this

Industry News

January 14, 2021

Oracle is making its popular APEX low-code development platform available as a managed cloud service that developers can use to build data-driven enterprise applications quickly and easily.

January 14, 2021

Parasoft announced its C/C++test update to support IAR Systems' build tools for Linux for Arm.

January 14, 2021

Harness raised $115 million in financing, reaching a valuation of $1.7 billion in just three years after launching from stealth.

January 13, 2021 launched with its cloud-based DevOps automation platform built specifically for software developers.

January 13, 2021

WhiteSource announced new WhiteSource Advise support for JetBrains' PyCharm and WebStorm integrated development environments (IDEs).

January 12, 2021

Red Hat has added new features to Red Hat Runtimes.

January 11, 2021

KubeSphere announced its expanded relationship with AWS to offer KubeSphere as an AWS Quick Start.

January 07, 2021

Red Hat announced its intent to acquire StackRox

January 07, 2021

Cigniti Technologies announced a partnership with Sonatype to help enterprise customers innovate faster and easily mitigate security risk inherent in open source.

January 07, 2021

Lacework announced a $525 million growth round with a valuation of over $1 billion.

January 06, 2021

BMC announced several new capabilities and enhancements for the BMC Automated Mainframe Intelligence (AMI) and Compuware portfolios that enable BMC mainframe customers to protect uptime and availability, defend the mainframe against cybersecurity threats, and advance enterprise DevOps.

January 06, 2021

Sysdig has achieved Service Organization Control (SOC) 2 Type II compliance for the Sysdig Secure DevOps Platform.

January 05, 2021

Allegro AI announced a rebranding of its key product Allegro Trains as ClearML.

January 05, 2021

Acryl unveiled a pilot service for Jonathan, an integrated AI platform that can be used in a variety of industries with a spectrum of users from non-experts to professional developers.

January 05, 2021

Weaveworks announced a $36.65 million Series C funding round.