SmartBear has integrated TestComplete, its UI test automation tool, with BitBar, its native mobile device cloud.
Sonatype released the next generation of its free Repository Health Check (RHC) feature within its flagship Nexus Repository product.
As of today, all 120,000 organizations using Nexus will benefit immediately from the ability to automatically analyze the quality and security of open source software components housed within their Nexus Repository as part of their DevOps pipeline.
While open source and third-party software components bring greater efficiency to application development, they are not without their weaknesses. According to the 2017 DevSecOps Community Survey, 1-in-5 organizations confirmed or suspected a breach related to known vulnerabilities in open source components used in their applications -- up 50% over the past three years.
With the introduction of the next-generation RHC, Nexus Repository users can now automatically identify open source security risks at the earliest stages of their DevOps pipeline.
Specifically, the RHC feature empowers software development teams with three important capabilities:
- Provides actionable guidance on which components housed in the repository manager should be upgraded or replaced.
- Prioritizes the list of vulnerable components by severity and impact, detailing how many times each component was downloaded from the repository manager by developers in the past 30 days.
- Reveals month-over-month metrics on the hygiene of the organization’s software supply chain to identify improving standards or worrisome trends.
“To maximize velocity and quality, DevOps-native teams must address security issues at the beginning -- not the end -- of the development lifecycle,” said Wayne Jackson, CEO of Sonatype. “Sonatype was first to market with the Repository Health Check capability in 2012 and today it evaluates more than 50 million components across 25,000 repositories every day. With our next-generation features, Nexus Repository customers can feel confident their development practices are building in security from the start.”
The next-generation RHC feature is available now as part of the Nexus Repository 3.3 release.
Industry News
Elastic announced an expanded strategic partnership with Confluent to deliver the best integrated product experience to the Apache Kafka and Elasticsearch community.
Threat Stack announced its ability to support AWS Graviton2-based instances through the Threat Stack Cloud Security Platform.
Broadcom and Google Cloud announced a strategic collaboration to accelerate innovation and strengthen cloud services integration within the core software franchises of Broadcom.
Nylas announced the launch of Components, JavaScript UI/UX solutions that allow developers to bring productivity features to market faster without needing to design front-end elements from scratch.
Perforce Software announces its new version control desktop client — Helix Sync — enabling non-coders such as artists and designers to version digital assets, with a simple drag-and-drop UI.
ShiftLeft introduced ShiftLeft CORE, a unified code security platform.
GrammaTech announced a new version of its CodeSonar SAST (static application security testing) product that helps developers build safer and more secure code without disrupting workflows.
Panaya announced a strategic partnership with Being Guided, a Salesforce Consulting Partner, specializing in the CRM and Salesforce ecosystem, to bring Panaya's ForeSight solution to a wider audience.
Palo Alto Networks announced the second generation of Checkov, the static analysis tool for infrastructure as code (IaC).
Postman now allows any team with up to three members to collaborate in Postman with unlimited shared workspaces and unlimited shared requests at no cost.
Taos, an IBM company, has announced 24x5 managed service availability.
VMware unveiled expanded cloud workload protection capabilities to deliver security for containers and Kubernetes.
Catapult CX is launching the DevOps Institute’s (DOI) Assessment of DevOps Capabilities (ADOC).
Equinix announced that Tinkerbell, an all-in-one open source bare metal provisioning platform, has added significant new features since joining the Cloud Native Computing Foundation (CNCF) Sandbox program.