Virtualization Technology News and Information
Sonatype Adds Automated Container Analysis to Nexus Lifecycle

Sonatype, the leader in software supply chain automation, today announced that it has incorporated Lifecycle Container Analysis (LCA) into its popular Nexus Lifecycle solution for automating the flow of components through modern software supply chains. Modern development teams can now automatically examine the quality and security of application components within containers moving through their DevOps pipeline. 

While containers bring greater efficiency to application development, they are not without their weaknesses. According to the July 2016 Gartner report “How to Secure Docker Containers in Operation,” properly configured containers cannot provide 100% isolation for applications and therefore can still be compromised. In fact, Gartner lists malicious software components as one of two main threat vectors that can compromise container security.

With the introduction of LCA, Nexus Lifecycle can now examine applications housed inside of containers in the same way that it evaluates the quality of components in traditional applications. This allows Nexus Lifecycle to surface intelligence with respect to the quality of things inside the container and automatically apply and manage governance policies based on the results. LCA will effectively allow Nexus Lifecycle to peek inside the containers and see if any of the Java, NuGet, npm, or JavaScript components have known security vulnerabilities, license risks, or quality problems.

“Security concerns are one of the chief reasons why organizations have not swiftly moved containers into production,” said Wayne Jackson, CEO of Sonatype. “Containers are just a new type of part flowing through modern software supply chains and with LCA, Nexus Lifecycle customers can be confident that the components inside their containers are the highest quality and free from known vulnerabilities.”

Published Wednesday, December 07, 2016 9:31 AM by David Marshall