
Sonatype Users Reveal the Benefits of Automated DevSecOps

Are DevSecOps policy enforcement tools a productivity benefit or burden that stifles creativity? It depends on the software.

Here at IT Central Station, we are always on the hunt for unbiased feedback from our users, to help tech professionals make educated decisions when buying enterprise software for their companies. In recent months, we gathered reviews for Sonatype Nexus Lifecycle and Nexus Repository to find out what users had to say about these two DevSecOps products. 

DevSecOps promises speed, innovation, and flexibility, all while incorporating security throughout — at least in theory. Achieving these desirable outcomes requires effort on a few fronts. 

First, there’s the task of bringing three previously separate teams (developers, security and IT operations professionals) together in a unified, coherent group with streamlined workflows. Second, there’s governance of the process. Get either of these wrong and you create unnecessary work and unhappy people.

In their reviews, IT Central Station members speak to managing these practical issues in DevSecOps. These professionals highlight the top features in Sonatype’s product suite that enable them to balance DevSecOps speed and innovation with sound (and flexible) governance.

A single source of truth for your software parts: Sonatype Nexus Repository

Using Nexus Repository, developers are able to source the best components and combine them into a repository of trusted components.

DevSecOps relies on a high level of automation because manual processes can lead to lapses in policy enforcement. Ideally, the entire platform should automate open source governance to minimize risk and speed time to production. 

Yogesh S., a Senior Information Technology Specialist who uses Sonatype Nexus Repository at a mid-sized financial services firm, said, “We use it [Sonatype Nexus Repository] every day for open-source governance. We have so many applications and so many services in our software supply chain. (Read more...)

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by IT Central Station. Read the original post at: https://blog.sonatype.com/sonatype-users-reveal-the-benefits-of-automated-devsecops
