Azure DevOps Integration Now Available for Nexus Lifecycle
Developers need to know when and where violations were introduced in their applications so that they can address and remediate the issues efficiently and effectively. The earlier they get this information in the software development lifecycle, the easier it is to fix. So effective integrations like Azure DevOps help developers ... Read More
Cloud Security Concerns in 2021
Findings from our annual State of the Software Supply Chain Report, which looks at the use of open source software development, told us two main things: ... Read More
Javascript Scanning Now Supported In Jetbrains IDEs: Intellij IDEA, Webstorm, and More
The Sonatype Nexus IQ plugin can now evaluate and analyze Javascript/Node components in your projects. This functionality is now available for IntelliJ IDEA, in use by an estimated 82% of Java developers as of 2020. IntelliJ IDEA is a feature-rich integrated development environment (IDE) with coding assistance and out-of-box support for a host of ... Read More
3-2-1, Lift off! It’s Time to Elevate Your Development with Sonatype Lift
Deep code analysis designed for developers and focused on code quality is here. When you have an awesome new product aimed at helping developers catch and fix code quality issues during code review, it’s hard not to get excited. Then, combine that with an even cooler new mascot, who by ... Read More
Onboarding Nexus Lifecycle Through SCM
Has anyone ever asked you where all of your applications were located; and your response was “Somewhere in GitHub?” We know that feeling too ... Read More
Secure What You Build and Where You Run It: Say Hello to the Infrastructure as Code Pack for Nexus Lifecycle
What is the IaC Pack and Why Should You Care? The Infrastructure as Code Pack is a new add-on to Nexus Lifecycle that enables developers to easily find and fix security vulnerabilities in their cloud infrastructure templates ... Read More
Open Source and Cloud Security Together at Last
Today, we’re excited to announce a partnership with Fugue to bring cloud security and compliance into development work streams, helping your teams build, deploy, and manage secure applications in today's popular cloud-native environments. ... Read More
GitLab: instant, inline, indispensable developer insights
Today we’re going to talk about letters, as in the alphabet. Did you ever see the Friends episode where Joey can’t afford an entire set of encyclopedias, so he just buys the one with the letter “V” and tries to steer every conversation to V words? What an awesome episode ... Read More
Hitting the Trifecta with GitLab Automated Merge Requests
We’ve been working to integrate component intelligence from Nexus Lifecycle directly into source control management (SCM) systems so that developers can choose the best open source components and build secure applications from the start ... Read More
Find and Fix Vulnerabilities in Seconds using GitHub PR Reviews with Line Comments
Pull request line comments highlight the exact line(s) of code that introduced a policy violation, giving developers all the information they need to remediate open source risks and innovate securely without sacrificing speed. Developers need to know if code they commit introduces risks and why. The sooner they find potential ... Read More