Sonatype, the leader in software supply chain automation, today released a new version of its popular Nexus Lifecycle product which now includes a built-in service that enables software development teams to automatically and continuously examine the security and quality of open source components used within container images.
According to the 2017 DevSecOps Community survey, 88% of IT professionals are contemplating new and different approaches to security as container images are fast becoming an operational standard in DevOps-native environments.
The free service, known as Lifecycle Container Analysis (LCA), gives customers the ability to surface intelligence with respect to the quality of open source components inside of a container image and automatically apply and manage policies based on the results. With LCA, Nexus Lifecycle customers can now automatically govern open source hygiene for containerized applications in the same way they have long governed hygiene for non-containerized applications. Additionally, by using Sonatype's Nexus Repository as a free, private Docker registry, these same customers can easily organize, manage, and distribute trusted containers across their DevOps pipelines.
"Rather than treating security as an afterthought, high-performance technology organizations view containers as an unprecedented opportunity to embed automated security controls into every phase of the software delivery pipeline. We have hundreds of enterprise customers like Goldman Sachs, Intuit, and Liberty Mutual already using Nexus Lifecycle to continuously govern the security and quality of open source components being used within their applications -- and beginning today the remarkable intelligence of Nexus Lifecycle has been extended to containers as well." -- Wayne Jackson, CEO, Sonatype