Sonatype released the next generation of its free Repository Health Check (RHC) feature within its flagship Nexus Repository product.
As of today, all 120,000 organizations using Nexus will benefit immediately from the ability to automatically analyze the quality and security of open source software components housed within their Nexus Repository as part of their DevOps pipeline.
While open source and third-party software components bring greater efficiency to application development, they are not without their weaknesses. According to the 2017 DevSecOps Community Survey, 1-in-5 organizations confirmed or suspected a breach related to known vulnerabilities in open source components used in their applications -- up 50% over the past three years.
With the introduction of the next-generation RHC, Nexus Repository users can now automatically identify open source security risks at the earliest stages of their DevOps pipeline.
Specifically, the RHC feature empowers software development teams with three important capabilities:
- Provides actionable guidance on which components housed in the repository manager should be upgraded or replaced.
- Prioritizes the list of vulnerable components by severity and impact, detailing how many times each component was downloaded from the repository manager by developers in the past 30 days.
- Reveals month-over-month metrics on the hygiene of the organization’s software supply chain to identify improving standards or worrisome trends.
“To maximize velocity and quality, DevOps-native teams must address security issues at the beginning -- not the end -- of the development lifecycle,” said Wayne Jackson, CEO of Sonatype. “Sonatype was first to market with the Repository Health Check capability in 2012 and today it evaluates more than 50 million components across 25,000 repositories every day. With our next-generation features, Nexus Repository customers can feel confident their development practices are building in security from the start.”
The next-generation RHC feature is available now as part of the Nexus Repository 3.3 release.