Upgrading components within your project can be a tricky process. DevOps, AppSec and legal teams need to consider multiple variables before upgrading:
- Does the new version of this component pose a threat to my project’s security?
- What is the highest policy threat in this new version?
- Is the component compliant with my organization’s legal policies?
Since each variable has serious implications for the overall health of your software development lifecycle, making the correct decision could determine whether or not you’re at risk from cyber attacks. Worse, the weight of these decisions can stall development and add dev-hours spent looking into proper remediation.
Sonatype’s mission is to help you assemble applications with the highest quality components. We empower our users to make better, factually-informed decisions that keep their development pipeline safe and secure.
With the latest version of Nexus Lifecycle (Release 128), we’ve added new development, security, and legal enhancements, as well as a revamped component remediation experience, aimed at reducing friction across the software development lifecycle.
Get Version Perspective
The new Component Details page (pictured below) greatly improves usability and access to information. It includes the Component Information Panel (CIP), which pulls intelligence distributed throughout Nexus Lifecycle into a single, easily accessible interface.

Component Details page
For policy violations, we have reduced clicks to find important component information from eight to one. This speeds up the remediation process by providing all of the information necessary to research, prioritize, and resolve violations.
The Version Explorer that highlighted popularity, breaking changes, and policy threats for a given component is now the Compare Versions table. This improved view allows comparisons of current component versions to a selected or desired version. This level of detail in an apples-to-apples comparison of your components is a first within the market.
Application security and development teams can now