Effective Tools for Software Composition Analysis

Because companies are defined by their customers, we connected with IT Central Station to collect real user experiences with Sonatype’s Nexus Lifecycle and Nexus Firewall. This is the second post in the series: the first looked at the benefits of data quality for Software Composition Analysis (SCA). Today we continue with the benefits to individual developers and development teams.

Managing the software supply chain can feel like an impossible task, especially for developers. That is where an SCA solution fits in: by continuously monitoring the development life cycle, it can identify potential issues while developers are still writing new code, so they can be remediated early rather than after release. By allowing developers to define the rules, actions, and policies that best fit their development process, Nexus Lifecycle gives developers control over their end of the software supply chain.
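To make "rules, actions, and policies" concrete, here is a small, self-contained illustration of what a policy-driven SCA check does at its core. It is an added example written for this post, not Sonatype's code and not how Nexus Lifecycle is implemented: it parses a constructed pinned manifest, matches each component against a constructed advisory feed (hypothetical package names and advisory identifiers), applies a hypothetical severity-to-action policy, and returns both the verdict and a remediation suggestion for every finding.

```python
"""Minimal policy-driven SCA check (added illustration; not Sonatype's code)."""
import re
from typing import Dict, List

# Constructed sample manifest; the package names are hypothetical.
REQUIREMENTS = """\
# constructed requirements.txt
acme-http==2.19.1
acme-yaml==5.3.1
acme-crypto==3.4.0
"""

# Constructed advisory feed with hypothetical packages and identifiers.
# "affected_below" means every version strictly lower than it is affected.
ADVISORIES = [
    {"id": "EXAMPLE-1", "package": "acme-http", "affected_below": "2.20.0", "severity": "MEDIUM"},
    {"id": "EXAMPLE-2", "package": "acme-yaml", "affected_below": "5.4", "severity": "CRITICAL"},
    {"id": "EXAMPLE-3", "package": "acme-crypto", "affected_below": "3.2", "severity": "HIGH"},
]

# Hypothetical policy: the action each severity triggers in the build.
POLICY = {"CRITICAL": "fail", "HIGH": "fail", "MEDIUM": "warn", "LOW": "warn"}

# Accept only exact pins: name==1.2.3
PIN_RE = re.compile(r"^([A-Za-z0-9_.-]+)\s*==\s*([0-9]+(?:\.[0-9]+)*)$")


def parse_version(text: str):
    """Turn '5.3.1' into (5, 3, 1) so that tuples compare numerically."""
    return tuple(int(part) for part in text.split("."))


def parse_requirements(text: str) -> Dict[str, str]:
    """Parse pinned 'name==version' lines; comments and blanks are ignored.

    Unpinned lines are rejected: without an exact version there is nothing
    a component-level check can reason about.
    """
    components: Dict[str, str] = {}
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        match = PIN_RE.match(stripped)
        if not match:
            raise ValueError(f"unpinned or unparsable requirement: {stripped!r}")
        name, version = match.groups()
        components[name.lower()] = version
    return components


def find_findings(components: Dict[str, str], advisories: List[dict], policy: Dict[str, str]) -> List[dict]:
    """Match each advisory against the manifest and attach the policy action."""
    findings = []
    for adv in advisories:
        version = components.get(adv["package"].lower())
        if version is None:
            continue  # component not used by this application
        if parse_version(version) < parse_version(adv["affected_below"]):
            findings.append({
                "package": adv["package"],
                "version": version,
                "advisory": adv["id"],
                "severity": adv["severity"],
                "action": policy.get(adv["severity"], "warn"),
                "remediation": f"upgrade to >= {adv['affected_below']}",
            })
    return findings


def evaluate(manifest_text: str, advisories=ADVISORIES, policy=POLICY) -> dict:
    """Return the build verdict ('fail', 'warn' or 'pass') plus all findings."""
    findings = find_findings(parse_requirements(manifest_text), advisories, policy)
    if any(f["action"] == "fail" for f in findings):
        verdict = "fail"
    elif findings:
        verdict = "warn"
    else:
        verdict = "pass"
    return {"verdict": verdict, "findings": findings}


if __name__ == "__main__":
    report = evaluate(REQUIREMENTS)
    for f in report["findings"]:
        print(f"{f['action'].upper():4} {f['package']}=={f['version']} "
              f"{f['advisory']} ({f['severity']}): {f['remediation']}")
    print("verdict:", report["verdict"])
```

With the constructed inputs, acme-yaml 5.3.1 is below the fixed version 5.4 and its CRITICAL severity maps to "fail", acme-http 2.19.1 produces a "warn", and acme-crypto 3.4.0 is already above 3.2 and is clean, so the overall verdict is "fail". Rejecting unpinned lines is deliberate: a manifest that allows version ranges cannot be evaluated reliably, which is why lock files or exact pins are the input a real SCA tool wants.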

Boost Developer Productivity

The reality of modern software development is that between 80 and 90% of a typical application is assembled from third-party and open source components. These components make up the software supply chain, and Sonatype’s customers use the Nexus Lifecycle platform to apply best practices across it.

“[Nexus Lifecycle] has helped developer productivity,” explained Charles, a DevSecOps leader at a financial services firm. “It’s like working in the dark and all of a sudden, you’ve got visibility. You can see exactly what you’re using, and you have suggestions so that, if you can’t use something, you’ve got alternatives. That is huge.”

A Java Development Manager reported a reduction in the time to release secure apps by at least 50%:

“[Nexus Lifecycle] has also increased developer productivity to some extent because of the plugin which is included for the IDE [Integrated Development Environment]. It gives a report of the vulnerabilities. It does save time in figuring out the right open source versions that we need to use. It has helped improve the productivity (Read more...)

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by IT Central Station.
