Azure DevOps Integration Now Available for Nexus Lifecycle

Developers need to know when and where violations were introduced in their applications so that they can address and remediate the issues efficiently and effectively. The earlier they get this information in the software development lifecycle, the easier it is to fix. So effective integrations like Azure DevOps help developers ... Read More

Cloud Security Concerns in 2021

Findings from our annual State of the Software Supply Chain Report, which looks at the use of open source software development, told us two main things: ... Read More

JavaScript Scanning Now Supported in JetBrains IDEs: IntelliJ IDEA, WebStorm, and More

The Sonatype Nexus IQ plugin can now evaluate and analyze JavaScript/Node components in your projects. This functionality is now available for IntelliJ IDEA, in use by an estimated 82% of Java developers as of 2020. IntelliJ IDEA is a feature-rich integrated development environment (IDE) with coding assistance and out-of-box support for a host of ... Read More

3-2-1, Lift off! It’s Time to Elevate Your Development with Sonatype Lift

Deep code analysis designed for developers and focused on code quality is here. When you have an awesome new product aimed at helping developers catch and fix code quality issues during code review, it’s hard not to get excited. Then, combine that with an even cooler new mascot, who by ... Read More

Onboarding Nexus Lifecycle Through SCM

Has anyone ever asked you where all of your applications were located, and your response was “Somewhere in GitHub?” We know that feeling too ... Read More

Secure What You Build and Where You Run It: Say Hello to the Infrastructure as Code Pack for Nexus Lifecycle

What is the IaC Pack and Why Should You Care? The Infrastructure as Code Pack is a new add-on to Nexus Lifecycle that enables developers to easily find and fix security vulnerabilities in their cloud infrastructure templates ... Read More

Open Source and Cloud Security Together at Last

Today, we’re excited to announce a partnership with Fugue to bring cloud security and compliance into development work streams, helping your teams build, deploy, and manage secure applications in today's popular cloud-native environments. ... Read More

GitLab: instant, inline, indispensable developer insights

Today we’re going to talk about letters, as in the alphabet. Did you ever see the Friends episode where Joey can’t afford an entire set of encyclopedias, so he just buys the one with the letter “V” and tries to steer every conversation to V words? What an awesome episode ... Read More

Hitting the Trifecta with GitLab Automated Merge Requests

We’ve been working to integrate component intelligence from Nexus Lifecycle directly into source control management (SCM) systems so that developers can choose the best open source components and build secure applications from the start ... Read More

Find and Fix Vulnerabilities in Seconds using GitHub PR Reviews with Line Comments

Pull request line comments highlight the exact line(s) of code that introduced a policy violation, giving developers all the information they need to remediate open source risks and innovate securely without sacrificing speed. Developers need to know if code they commit introduces risks and why. The sooner they find potential ... Read More