The continuous development treadmill produced by the DevOps methodology requires developers to stay on top of patching and updating the third-party toolkits and open source projects an application relies on. For every new release, developers need to check every piece of source code included in the application, and when you are releasing on a daily schedule this becomes an onerous task.
Sonatype’s new Nexus Firewall is a perimeter software supply-chain solution for software developers. Similar to a network firewall, it uses a set of pre-defined rules and automation to stop obsolete or dangerous open source and other third-party components from entering or exiting application development.
By using the solution, developers should avoid unnecessary rework, because OSS components that do not meet policy are blocked and quarantined, and improve development hygiene by using better, safer OSS components at the earliest point in the development process: the repository manager.
Additionally, the solution blocks and quarantines any components that don’t meet policy requirements and provides detailed reports on which components are in the repository manager, including license obligations, known security vulnerabilities, industry adoption rates and quarantine status.
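To make the policy gate described above concrete, here is an added illustration (written for this article, not Sonatype's code, and not Nexus Firewall's actual policy format) of how a repository manager can evaluate each requested component against pre-defined rules on license, known vulnerabilities and adoption, quarantine anything that fails, and produce the kind of per-component report the text mentions. The component metadata, policy thresholds and advisory identifiers are all constructed placeholders.

```python
from dataclasses import dataclass, field
from typing import List, Set, Tuple


@dataclass
class Component:
    """Metadata the repository manager holds for a requested artifact (constructed fields)."""
    name: str
    version: str
    license: str
    known_vulns: List[Tuple[str, float]]  # (advisory id, CVSS score); constructed sample values
    adoption: float                        # share of observed downloads, 0.0 to 1.0; constructed


@dataclass
class Policy:
    """Pre-defined rules the gate enforces (hypothetical policy shape, not a vendor format)."""
    allowed_licenses: Set[str]
    max_cvss: float      # quarantine if any known vulnerability scores at or above this
    min_adoption: float  # quarantine components the ecosystem has barely adopted


@dataclass
class Decision:
    component: Component
    action: str                          # "allow" or "quarantine"
    reasons: List[str] = field(default_factory=list)


def evaluate(component: Component, policy: Policy) -> Decision:
    """Apply every rule; a single violation is enough to quarantine the component."""
    reasons = []
    if component.license not in policy.allowed_licenses:
        reasons.append(f"license {component.license} is not on the allowed list")
    for advisory, score in component.known_vulns:
        if score >= policy.max_cvss:
            reasons.append(f"{advisory} (CVSS {score}) meets the {policy.max_cvss} threshold")
    if component.adoption < policy.min_adoption:
        reasons.append(f"adoption {component.adoption:.0%} is below {policy.min_adoption:.0%}")
    return Decision(component, "quarantine" if reasons else "allow", reasons)


def gate(components: List[Component], policy: Policy) -> List[Decision]:
    """Run the gate over everything a build requested; only allowed components reach the build."""
    return [evaluate(c, policy) for c in components]


def allowed(decisions: List[Decision]) -> List[str]:
    """Coordinates the repository manager may hand to the build."""
    return [f"{d.component.name}@{d.component.version}" for d in decisions if d.action == "allow"]


def report(decisions: List[Decision]) -> str:
    """One line per component: the decision and the rules it tripped."""
    lines = []
    for d in decisions:
        line = f"{d.component.name}@{d.component.version}: {d.action}"
        if d.reasons:
            line += " (" + "; ".join(d.reasons) + ")"
        lines.append(line)
    return "\n".join(lines)


# Constructed sample inputs; advisory ids are placeholders, not real identifiers.
SAMPLE_POLICY = Policy(allowed_licenses={"Apache-2.0", "MIT"}, max_cvss=7.0, min_adoption=0.01)
SAMPLE_COMPONENTS = [
    Component("json-util", "2.4.1", "Apache-2.0", [], 0.35),
    Component("xml-parser", "1.0.9", "MIT", [("EXAMPLE-ADV-0001", 9.8)], 0.20),
    Component("crypto-helper", "0.0.2", "GPL-3.0", [], 0.002),
    Component("log-core", "3.1.0", "MIT", [("EXAMPLE-ADV-0002", 4.3)], 0.60),
]


def sample_decisions() -> List[Decision]:
    return gate(SAMPLE_COMPONENTS, SAMPLE_POLICY)


if __name__ == "__main__":
    print(report(sample_decisions()))
```

Running it quarantines the component with the high-severity advisory and the one that fails both the license and adoption rules, while the two clean components are allowed through; the report lists every rule each quarantined component tripped, which is what lets a developer fix the dependency rather than rediscover the problem later in the release cycle.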
Commenting on the release, Wayne Jackson, CEO of Sonatype, explained that as many as 1 in 16 downloads from public repositories has a known vulnerability, which leads many to unknowingly compromise their brand reputation. “Now organisations can shield themselves from dangerous or outdated components entering their software supply chain with automated policy enforcement integrated at the earliest stage in the software development process, the repository manager,” he said.