New Integration to Visual Studio Code – Nexus IQ and OSS Index

Since I’m a developer, I’m gonna bless you with the tl;dr right here. Jump on over to the VS Code Marketplace and check out the new Nexus IQ integration to VS Code. For those of you that want to understand how we built it, why we built it, and the problems it solves, read on for more information.

Innovation Days at Sonatype

While we have had integrations to IDEs for some time, up until now we only supported Eclipse, IntelliJ, and Visual Studio – IDEs that are used primarily for Java and .NET development. However, many of our customers use VS Code to develop their software and asked if we could provide a VS Code extension to scan for vulnerable components. In order to better meet the needs of our customers and the demands of JavaScript, Python, R, and Go developers, Cameron Townshend, a Sonatype Solutions Consultant, started building a VS Code Extension during one of our innovation days.

At Sonatype, we participate in innovation days every two weeks, where employees take a break from their normal work and dive into projects they are interested in. All this activity culminates with a Hack-o-vation week, where larger teams band together to work on new interests or scale prior innovation day projects.

The Nexus Lifecycle (IQ Server) VS Code Extension was started and spearheaded by Cameron during previous improvement days. The first version of the integration was very popular with over 1,000 downloads, but it only worked with Nexus Lifecycle (IQ Server).

During our recent Hack-o-vation week, a team of developers including Cameron, Adrian Powell (Sonatype developer) and myself (Allen Hsieh) decided to extend the integration to support our free offering, Sonatype OSS Index, so that anyone could start scanning for vulnerable open source components and gain insight into the ...

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Allen Hsieh.