Sonatype is a software company that helps organisations develop better software faster and more securely by providing tools and services that improve the quality and security of software components.
Sonatype counts 15 of the 20 largest banks among its more than 2000 customers worldwide. Its customers range from small startups to large enterprises and span industries such as financial services, healthcare, government and technology.
What is Sonatype?
Sonatype has a strong commitment to open source software and is a member of the Open Source Initiative (OSI), Eclipse Foundation and Apache Software Foundation. It provides organisations with full control of their SDLC to give them greater confidence in every piece of open source code, source code and containerised code. The company also sponsors and contributes to several open source projects, including Apache Maven, the popular build automation tool for Java projects. The Sonatype platform empowers speed and security in open source development.
What is Sonatype Repository Firewall?
Sonatype Repository Firewall is a product that provides an additional layer of security for organisations using open source components in their software applications. It is designed to prevent vulnerable and outdated open source components from being used in software applications by automatically blocking them at the repository level.
Sonatype Repository Firewall integrates with Sonatype Nexus Repository Manager, a popular tool for managing software components and packages. It works by scanning all traffic to and from the repository and blocking components that pose a security risk or violate the organisation’s policies.
The product is designed to be highly customisable, allowing organisations to create policies specific to their needs. For example, an organisation may choose to block components that have known vulnerabilities or are licensed in a way that is inconsistent with its policies.
- Block malicious components: hold malicious and suspicious packages in quarantine until Sonatype's security research team has confirmed them as malicious or cleared them.
- Automatically stop security vulnerabilities: prevent known vulnerable and harmful open source versions from being downloaded into your repository.
- Release cleared components: automatically release cleared components into your development pipeline so that a quarantine does not hold up work longer than necessary.
- Set policy according to risk tolerance: decide which components are allowed into your SDLC based on risk factors such as age, popularity and licensing information.
- Protect against the unknown: set policy to block suspicious components even before they are publicly identified as vulnerable.
- Configure automatic compliance: prevent applications from proceeding with unwanted or unapproved components.
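The mechanism the bullets above describe, a proxy repository that evaluates each requested component against a risk policy and either serves, quarantines or refuses it, can be sketched in a few dozen lines. The following is an added illustration written for this page, not Sonatype's code or a description of how Repository Firewall is implemented; all names (`Component`, `Policy`, `FirewalledProxy`), the thresholds and the sample packages and vulnerability ids are constructed for the example.

```python
from dataclasses import dataclass
from datetime import date

# All data below is constructed for the example; the package names and
# vulnerability ids are placeholders, not real artifacts or CVEs.


@dataclass(frozen=True)
class Vulnerability:
    identifier: str   # placeholder id such as "VULN-EXAMPLE-1"
    cvss: float       # 0.0 - 10.0


@dataclass(frozen=True)
class Component:
    name: str
    version: str
    published: date
    downloads_last_30d: int
    licenses: tuple               # declared licence ids, SPDX style
    vulnerabilities: tuple = ()   # known issues for this exact version


@dataclass(frozen=True)
class Policy:
    """Risk tolerance expressed as thresholds (assumed values, tune per organisation)."""
    max_cvss_allowed: float = 6.9                     # anything 7.0+ is blocked outright
    min_age_days: int = 3                             # very new releases are held (unknown risk)
    min_downloads: int = 100                          # obscure releases are held as suspicious
    banned_licenses: frozenset = frozenset({"AGPL-3.0-only"})


ALLOW, QUARANTINE, BLOCK = "allow", "quarantine", "block"


def evaluate(component, policy, today):
    """Return (verdict, reasons). BLOCK outranks QUARANTINE, which outranks ALLOW."""
    reasons, verdict = [], ALLOW
    # Hard failures: known severe vulnerability or a licence the organisation forbids.
    for vuln in component.vulnerabilities:
        if vuln.cvss > policy.max_cvss_allowed:
            reasons.append(f"known vulnerability {vuln.identifier} (CVSS {vuln.cvss})")
            verdict = BLOCK
    banned = [lic for lic in component.licenses if lic in policy.banned_licenses]
    if banned:
        reasons.append("banned licence(s): " + ", ".join(banned))
        verdict = BLOCK
    if verdict == BLOCK:
        return verdict, reasons
    # Soft signals: the component is not known-bad, but too new or too obscure to trust yet.
    age_days = (today - component.published).days
    if age_days < policy.min_age_days:
        reasons.append(f"released {age_days} day(s) ago (policy minimum {policy.min_age_days})")
        verdict = QUARANTINE
    if component.downloads_last_30d < policy.min_downloads:
        reasons.append(f"only {component.downloads_last_30d} downloads in 30 days")
        verdict = QUARANTINE
    return verdict, reasons


class FirewalledProxy:
    """Toy proxy repository: enforces the policy on every fetch and tracks quarantined items."""

    def __init__(self, upstream, policy):
        self.upstream = upstream          # {(name, version): Component} standing in for the remote
        self.policy = policy
        self.quarantined = {}

    def fetch(self, name, version, today):
        """Return an HTTP-like (status, detail) pair for a client's download request."""
        component = self.upstream.get((name, version))
        if component is None:
            return 404, "not found upstream"
        verdict, reasons = evaluate(component, self.policy, today)
        if verdict == BLOCK:
            return 403, "blocked: " + "; ".join(reasons)
        if verdict == QUARANTINE:
            self.quarantined[(name, version)] = component
            return 403, "quarantined: " + "; ".join(reasons)
        return 200, f"{name}-{version}"

    def release_quarantine(self, today):
        """Re-evaluate held components and release those that now pass (e.g. have aged in)."""
        released = []
        for key, component in list(self.quarantined.items()):
            if evaluate(component, self.policy, today)[0] == ALLOW:
                released.append(key)
                del self.quarantined[key]
        return released


def build_demo_proxy():
    """Constructed upstream with one clean, one brand-new, one vulnerable and one mis-licensed version."""
    upstream = {
        ("libfoo", "1.4.2"): Component("libfoo", "1.4.2", date(2023, 6, 1), 50_000, ("MIT",)),
        ("libfoo", "1.5.0"): Component("libfoo", "1.5.0", date(2024, 1, 9), 500, ("MIT",)),
        ("libbar", "2.0.0"): Component("libbar", "2.0.0", date(2022, 3, 14), 9_000, ("MIT",),
                                       (Vulnerability("VULN-EXAMPLE-1", 9.8),)),
        ("libbaz", "0.3.1"): Component("libbaz", "0.3.1", date(2023, 1, 1), 800, ("AGPL-3.0-only",)),
    }
    return FirewalledProxy(upstream, Policy())


if __name__ == "__main__":
    proxy = build_demo_proxy()
    for key in proxy.upstream:
        print(key, proxy.fetch(*key, today=date(2024, 1, 10)))
    print("released a week later:", proxy.release_quarantine(date(2024, 1, 17)))
```

The split between hard failures (vulnerability, licence) and soft signals (age, popularity) is the point: the first two should never be released automatically, while the quarantine list is re-evaluated so that a release that merely needed to age in reaches developers without anyone touching it.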
Sonatype Repository Firewall also provides detailed reports and analytics, allowing organisations to gain insight into the types of components used in software applications and the risks associated with those components.
Overall, Sonatype Repository Firewall is a powerful tool for organisations that are serious about securing their software applications. It provides an additional layer of protection against open source component vulnerabilities and helps organisations ensure that their software complies with their policies and industry regulations.
What is Sonatype Nexus Repository?
Sonatype Nexus Repository is a versatile tool for managing software components and packages. It provides a centralised location where developers can store, manage and distribute components, supporting various component types such as Java libraries, npm packages, Docker images and more. The tool includes version control, metadata management and artifact search features to make it easier for teams to find and manage components.
Nexus Repository provides strong security features such as role-based access control and LDAP integration, ensuring that only authorised users can access components. It also supports SSL and repository-level HTTPS, ensuring secure delivery of components. Nexus Repository integrates seamlessly with popular build tools such as Apache Maven, Gradle and npm, making it easy to automatically install components as part of the build process.
- Build quickly and reliably: publish and cache components in a centralised repository that connects natively to all popular package managers.
- DevOps simplicity: control the lifecycle of progressive builds and custom metadata directly from your CI/CD server.
- Scale without worry: handle global workloads with dynamic storage, cleanup policies and multi-node resilience.
- Flexible security: control access to your components with single sign-on (SSO), role-based access control and full auditability.
- Assess open source risk: centralise your open source consumption to learn about risks in your software supply chain.
- Block malicious components: add Sonatype Repository Firewall to keep OSS risk out of your SDLC using next-generation behavioural analysis and automated policy enforcement.
What is Sonatype Lifecycle?
Sonatype Lifecycle is a comprehensive software development tool that enables organisations to ensure the quality and security of their applications throughout the software development lifecycle. The tool provides continuous monitoring and analysis of open source components used in applications, allowing organisations to quickly identify and remediate any security or compliance issues.
Sonatype Lifecycle enables organisations to create custom policies that define security and compliance requirements for their applications. The tool continuously scans components used in applications against these policies and ensures that only approved components are used in development. It integrates with popular development tools such as Jenkins, JIRA and Eclipse, allowing organisations to incorporate security and compliance controls into existing development workflows.
- Check risk without switching tools: choose healthier components directly from your IDE or source control.
- Code quality from the beginning: prevent unplanned work, security breaches and maintenance issues with early detection and remediation.
- Quickly remediate security vulnerabilities: know the exact location of any component and its dependencies, and get precise intelligence to remediate threats quickly.
- Observe open source risk: receive continuous monitoring and alerts about new vulnerabilities by component, risk level or affected application.
- Automatically enforce policy: customise policies to meet specific compliance goals and enforce them across a variety of development tools without sacrificing speed.
- Create a software BOM: gain full visibility into every application in minutes for rapid remediation of vulnerabilities based on detailed intelligence.
By providing detailed reports and analysis, Sonatype Lifecycle enables organisations to gain insight into the open source components used in their applications and the risks associated with these components. This enables organisations to make informed decisions about which components to use in their applications.
Overall, Sonatype Lifecycle is a powerful and customisable tool for organisations that are serious about ensuring the quality and security of their applications throughout the software development lifecycle. Its continuous monitoring and analysis of open source components, as well as its integration with popular development tools, make it a popular choice for organisations of all sizes.