Hitting the Trifecta with GitLab Automated Merge Requests

We’ve been working to integrate component intelligence from Nexus Lifecycle directly into source control management (SCM) systems so that developers can choose the best open source components and build secure applications from the start ... Read More

Find and Fix Vulnerabilities in Seconds using GitHub PR Reviews with Line Comments

Pull request line comments highlight the exact line(s) of code that introduced a policy violation, giving developers all the information they need to remediate open source risks and innovate securely without sacrificing speed. Developers need to know if code they commit introduces risks and why. The sooner they find potential ... Read More

Continuously Improve CI/CD with Nexus Lifecycle and Bitbucket Code Insights

Over the last few weeks we’ve been highlighting our integrations with Atlassian that bring open source governance insights right into your favorite Atlassian tools. We have integrations for planning and building applications. We wanted to save our newest integration into developer tooling for last: Bitbucket Code Insights. According to Atlassian, ... Read More

Build Better Code Using Sonatype’s Integrations with Atlassian

Increase efficiency with automation and integrations between your favorite development tools. As more and more software development teams rely on open source, it is now more important than ever to ensure that only the best open source components make it into a final application. With a 71% increase in open ... Read More

Smart Teams Use Atlassian and Sonatype to Plan Development Work

Jira software from Atlassian is one of the most widely used software in the world, helping agile development teams plan projects and manage stories, epics, tasks, tickets, workflows and backlogs. Smart developers use Sonatype's Nexus Platform to automatically find and fix open source vulnerabilities in their projects. We enable companies ... Read More

Keep Applications Secure in Atlassian Bitbucket with Automated Pull Requests

As development organizations seek to innovate faster and build more secure applications at scale, one of the trends we’re seeing is the desire to automate dependency management and bring security into the places where developers spend most of their time. This was evident in our 2019 State of the Software ... Read More

Developers Gain Contextual Feedback with Automated Pull Request Commenting

At Sonatype, we work continuously to increase awareness of open source risk, and decrease the time it takes you to make your applications safe. It is our never ending quest to shift security left. We’ve rolled out even more granular and automated policy feedback with pull request comments directly in ... Read More

Sonatype Rolls Out Enhanced JavaScript Scanning, npm Automated Pull Requests & More Free JS Developer Tools

We’ve recently rolled out enhanced support for JavaScript that provides developers with improved accuracy, increased policy control, and faster remediation of open source vulnerabilities across the entire software development lifecycle. Our enhancements for JavaScript give developers less noise when finding vulnerabilities, allow for better automation, more ways to scan, and ... Read More