Open Source and Cloud Security Together at Last

Today, we’re excited to announce a partnership with Fugue to bring cloud security and compliance into development work streams, helping your teams build, deploy, and manage secure applications in today’s popular cloud-native environments. 

Our uniquely combined capabilities will enable developers to easily find and fix security vulnerabilities in third-party libraries – already an extensive part of the Nexus experience – while simultaneously preventing security and compliance issues due to misconfigured cloud infrastructure.

The more developers understand the quality and security of their code, the better their applications. Today, with many developers deploying applications directly to the cloud, that code might be a third-party open source library they are selecting or an AWS server they are configuring. It’s now more important than ever for developers to have guidance on how to select the highest quality open source components and how to develop secure and compliant cloud infrastructure.

As our CEO Wayne Jackson said in today’s press release – “In today’s cloud-native world, developers are not just responsible for building secure applications, they’re also responsible for configuring and provisioning secure cloud infrastructure using tools like Terraform. By working with Fugue, we’re equipping developers with the right information at the right time so they can always make healthy decisions when configuring IaC.”

Phillip Merrick, CEO of Fugue, echoed Wayne’s sentiment, noting, “Sonatype and Fugue have a strong history of leadership in empowering developers to securely build and operate in order to keep their data safe. We’re proud to partner with them to deliver a single solution to address the full breadth of cloud security and compliance challenges.”

What is IaC?

Infrastructure as Code (IaC) uses scripts to automate the provisioning of IT infrastructure. Traditionally, managing servers and infrastructure was a very manual, time-consuming process. Every time a developer

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Kevin Miller. Read the original post at: