
Azure DevOps Integration Now Available for Nexus Lifecycle

Developers need to know when and where violations were introduced in their applications so that they can address and remediate the issues efficiently and effectively. The earlier in the software development lifecycle they get this information, the easier the issues are to fix. Effective integrations like Azure DevOps therefore help developers shift left, keep applications secure, and speed up the pace of innovation.

How are development teams using Source Control Management systems?

Modern Source Control Management (SCM) systems give developers a place to collaborate as software evolves, where code is shared and reviewed by both humans and machines. Developers can perform quality control on their applications by enabling feedback through code reviews on both commits and pull requests.

The integration helps support customers throughout their open source software (OSS) governance growth and expansion. We can now onboard all of an organization’s applications that are stored in its source control repository and deliver an Instant Risk Profile of the OSS used in these applications.

Nexus Lifecycle can continue to evaluate the customer’s source control to understand how these applications change over time. By leveraging continuous monitoring, we can suggest component updates and create automatic pull requests for new violations that are discovered in deployed applications.

Scanning all new pull requests means that we can deliver feedback to developers on net-new vulnerabilities during the code review process. And the best time to deliver these insights is when they’re actively writing and submitting code.

What are the main integration points between Nexus Lifecycle and SCMs?

Easy Onboarding and Instant Risk Profile

Nexus Lifecycle provides an enhanced experience to quickly onboard applications from GitHub, GitLab, Bitbucket, and Azure DevOps. This simplifies adoption and implementation across a development org, drastically reducing the time to remediation.

An Instant Risk Profile (Read more...)

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Kevin Miller. Read the original post at: https://blog.sonatype.com/azure-devops-integration-now-available-nexus-lifecycle