Enhanced solutions take advantage of new algorithms to better identify security vulnerabilities in open source npm packages
Enhanced Algorithm, Expanded Coverage and Noise Reduction Across the Nexus Platform
npm automated pull requests for GitHub
Sonatype customers now have the ability to automatically update npm packages and their dependencies within an application when a policy violation is discovered. Sonatype’s Nexus Lifecycle evaluates known vulnerabilities, package licenses, and other architectural attributes, and immediately creates a pull request in GitHub when there is a newer or better version available in the public repository.
Sonatype is the leader in software supply chain automation technology, with more than 350 employees and over 1,000 enterprise customers, and is trusted by more than 10 million software developers. Sonatype’s Nexus platform enables DevOps teams and developers to automatically integrate security at every stage of the modern development pipeline by combining in-depth component intelligence with real-time remediation guidance.