Smarter policy and advanced component search with Nexus Lifecycle updates

In March, we talked about improvements to the Nexus Lifecycle policy tools and waivers. This month we’ve taken another step forward with better policy and waiver controls. This update helps development teams manage open source software components more easily across their projects.

Nexus Lifecycle improves your development pipeline with management tools that enhance quality and speed delivery, all at scale. This release extends Nexus Lifecycle beyond advanced reporting to enhanced searching, and makes policies even more flexible within your existing development tools.

Customized policy

Sonatype Nexus helps ensure that teams are only using the safest and most legally compliant software components, but flexibility is key. Different teams inside your organization have different risk profiles that may justify unique policies.

Just about every organization has a diverse set of projects, ranging from internal tools that don’t see the light of day to crucial software exposed to the internet. For mission-critical application teams, smart and effective security notifications are part of the process. If those same notifications and policy enforcement are applied to internally accessed applications in use by small teams, they could unnecessarily delay releases.

You need smarter software that reacts to your team’s needs and requirements.

Policy enforcement override

Nexus Lifecycle now lets you override corporate policy settings when onboarding new projects to adapt policy enforcement to those specific projects. While providing this flexibility, policy waivers provide all necessary tracking to make sure that the right controls are maintained and nothing crucial is missed.

Policy Enforcement Override will enable customers to onboard applications at scale, while continuing to build software. You can choose to inherit some or all of the base controls, including current waivers and license standards (pictured below).

Sonatype’s Policy Override configuration screen

More controls for security waivers

While Nexus Lifecycle automates many features of the development process (Read more...)

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Chris Good. Read the original post at: https://blog.sonatype.com/smarter-policy-and-advanced-component-search