
Sonatype moves supply chain management to Cloud


Sonatype, the US-based code quality management vendor, has added a cloud-hosted deployment option for its supply chain management tools ‘Lifecycle’ and ‘Firewall’. Together with the existing on-premises and fully disconnected deployment options, this makes the platform ‘run-anywhere’, the company claims.

The Sonatype platform analyses components across the software development lifecycle (SDLC) to identify critical security vulnerabilities and code quality issues, using software composition analysis (SCA) and application security testing (AST).

Using a behavioural, AI-driven component firewall, the platform can automatically block malware from entering the SDLC, Sonatype claims. New components are scanned as they arrive; the AI quarantines known malicious files and routes suspicious components to the Sonatype research team for review before they are allowed into the pipeline.

The platform also automates security policy enforcement, giving developers immediate feedback at every stage of the development process so that vulnerabilities can be corrected early.

With the cloud deployment, customers can protect their software supply chains without deploying or managing infrastructure themselves, which Sonatype says suits organisations that want to streamline their infrastructure and scale rapidly.

Alongside the cloud and on-premises options, the Nexus Disconnected Environment (NDE) is an open-source and dependency-management solution for air-gapped environments, which Sonatype claims makes it ideal for government and affiliated organisations that need to manage their open source software supply chains without network connectivity.

“As the use of open source software in modern applications continues to increase, so does the risk from malware and other vulnerabilities. Software supply chain attacks have jumped an astonishing 742% per year, on average, over the past three years,” said Mitchell Johnson, chief product development officer at Sonatype (pictured). “There has never been a greater need for the ability to detect code quality and implement security at the point of creation.”

[Image source: Business Wire]