Enables software teams to assess the quality of open source components used inside containers
Fulton, MD. – December 7, 2016 - Sonatype, the leader in software supply chain automation, today announced that it has incorporated Lifecycle Container Analysis (LCA) into its popular Nexus Lifecycle solution for automating the flow of components through modern software supply chains. Modern development teams can now automatically examine the quality and security of application components within containers moving through their DevOps pipeline.
While containers bring greater efficiency to application development, they are not without their weaknesses. According to the July 2016 Gartner report, How to Secure Docker Containers in Operation, properly configured containers cannot provide 100% isolation for applications and therefore can still be compromised. In fact, Gartner lists malicious software components as one of two main threat vectors that can compromise container security.
“Security concerns are one of the chief reasons why organizations have not swiftly moved containers into production,” said Wayne Jackson, CEO of Sonatype. “Containers are just a new type of part flowing through modern software supply chains and with LCA, Nexus Lifecycle customers can be confident that the components inside their containers are the highest quality and free from known vulnerabilities.”
- Learn more about Nexus Lifecycle
- Learn more about Lifecycle Container Analysis
- Learn more about Sonatype software supply chain automation solutions
- Read the latest on the Sonatype blog
- Follow Sonatype on Twitter: @sonatype
With more than 100,000 installations, companies around the globe use Sonatype’s Nexus solutions to manage reusable components and improve the quality, speed and security of their software supply chains. Sonatype is privately held with investments from New Enterprise Associates (NEA), Accel, Hummer Winblad Venture Partners, Morgenthaler Ventures, Bay Partners and Goldman Sachs. For more information, visit: www.sonatype.com
SpeakerBox Communications for Sonatype