
Monday, 14 December 2015 17:38

Sonatype debuts first public repository firewall


Nexus Firewall allows software developers to create applications that automatically use the latest secure builds of open source and third-party components

The continuous development treadmill produced by the DevOps methodology requires developers to stay on top of patching and updating third-party toolkits and any open source projects the application relies on. For every new release, developers need to check every piece of source code included in the application, and when you're releasing on a daily schedule this becomes an onerous task.

Sonatype's new Nexus Firewall is a perimeter software supply-chain solution for software developers. Similar to a network firewall, it uses a set of pre-defined rules and automation to stop obsolete or dangerous open source and other third-party components from entering or exiting application development.

By using the solution, developers should avoid unnecessary rework, since OSS components that do not meet policy are blocked and quarantined, and improve development hygiene by using better, safer OSS components at the earliest point in the development process: the repository manager.

Additionally, the solution blocks and quarantines any components that don't meet policy requirements and provides detailed reports on which components are in the repository manager, including license obligations, known security vulnerabilities, industry adoption rates and quarantine status.
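To make the idea concrete, here is an added illustration (not Sonatype's code, and not how Nexus Firewall is implemented) of the kind of rule set such a repository firewall evaluates: each candidate version of a component is checked against a license rule and a vulnerability-severity rule, failing versions are quarantined with reasons, and the newest passing version is the one a build is allowed to resolve. All component metadata, the library name, the vulnerability ids and the policy values are constructed placeholders.

```python
# Added example, not Sonatype's code: a minimal repository-firewall policy
# evaluator. All metadata below is constructed; ids and versions are placeholders.
from dataclasses import dataclass, field

@dataclass
class Component:
    name: str
    version: tuple                          # parsed version, e.g. (1, 2, 0)
    license: str
    known_vulns: list = field(default_factory=list)   # (id, severity) pairs

# Policy: what the repository manager refuses to let into development.
# Assumption: the organisation forbids AGPL and tolerates at most MEDIUM findings.
POLICY = {
    "blocked_licenses": {"AGPL-3.0"},
    "max_vuln_severity": "MEDIUM",
}
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

def evaluate(component, policy=POLICY):
    """Return ("allow", []) or ("quarantine", [reasons]) for one component."""
    reasons = []
    if component.license in policy["blocked_licenses"]:
        reasons.append(f"license {component.license} is blocked by policy")
    limit = SEVERITY_RANK[policy["max_vuln_severity"]]
    for vuln_id, severity in component.known_vulns:
        if SEVERITY_RANK[severity] > limit:
            reasons.append(f"{vuln_id} rated {severity} exceeds policy limit")
    return ("quarantine", reasons) if reasons else ("allow", reasons)

def latest_allowed(candidates, policy=POLICY):
    """Newest version that passes policy, i.e. the 'latest secure build';
    None when every candidate is quarantined."""
    allowed = [c for c in candidates if evaluate(c, policy)[0] == "allow"]
    return max(allowed, key=lambda c: c.version) if allowed else None

# Constructed catalogue entries for a hypothetical library "examplelib"
CANDIDATES = [
    Component("examplelib", (1, 0, 0), "MIT", [("VULN-PLACEHOLDER-1", "CRITICAL")]),
    Component("examplelib", (1, 1, 0), "MIT", [("VULN-PLACEHOLDER-2", "LOW")]),
    Component("examplelib", (1, 2, 0), "AGPL-3.0", []),
]

if __name__ == "__main__":
    for c in CANDIDATES:
        print(c.version, *evaluate(c))
    chosen = latest_allowed(CANDIDATES)
    print("resolved to", chosen.version if chosen else "nothing (all quarantined)")
```

Note that the newest version (1.2.0) is not the one resolved: it fails the license rule, so the build falls back to the newest version that passes every rule.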

Commenting on the release, Wayne Jackson, CEO of Sonatype, explained that as many as 1 in 16 downloads from public repositories has a known vulnerability, which leads many organisations to unknowingly compromise their brand reputation. “Now organisations can shield themselves from dangerous or outdated components entering their software supply chain with automated policy enforcement integrated at the earliest stage in the software development process, the repository manager,” he said.
