It Pays to Discover Sonatype

The name of the presentation says it all: Procure Secure Components Faster with Superior Developer Experience. So announced Karthik Loganathan and Sheshagiri (Giri) Rao of Discover at the annual DevOps World | Jenkins World conference.

Discover, a leading financial services brand, offers banking, lending, and credit card services. Their credit cards alone process an enormous $143B in sales volume with $728B in annual receivables. The company’s proprietary applications — like software in other industries — relies heavily on open source software components.

DevOps Connect:DevSecOps @ RSAC 2022

Selecting Sonatype

Loganathan and Rao, managers and DevOps advocates, selected Sonatype to enhance Discover’s use and integration of open source components. They invested in much of the Sonatype Platform including:

Nexus Firewall to block specified components before entering Discover’s repo. Firewall works for multiple languages (e.g., Python, npm, NuGet, Java, PyPi, RPM, Go). This gives Discover’s developers the freedom to select any approved component that’s right for the job.

Nexus Lifecycle to apply automated policy review of app components, report on any OSS component violations, and detect new CVEs — all integrated into a developer’s IDE.

Loganathan and Rao also talk about the ability to apply security and license policies to all OSS – which run across both Nexus Lifecycle and Nexus Firewall. Specifically, they focus on evaluating non-permissive licenses, security violations, and the ability to issue real-time warnings. 

They selected the Sonatype Platform because, in use, the products present actionable information with the best precision necessary to completely avoid, or quickly remediate, open source risks. “Very few tools give this depth of actionable information,” says Rao.

He added that the on-boarding process was relatively easy, making it possible to deploy across teams quickly, especially once they added gamification to the process.

Immediate Benefits

The Discover teams got immediate benefit from Sonatype’s open source license management.

(Read more...)

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Katie McCaskey. Read the original post at: