SAN FRANCISCO – GitHub Universe, Nov. 12, 2019 (GLOBE NEWSWIRE) -- Sonatype, the company that scales DevOps through open source governance and software supply chain automation, today announced new integrations that strengthen GitHub with premium open source governance and dependency management controls.
Sonatype has long been the world’s premier provider of open source health and hygiene data, and beginning today the company is announcing six new Nexus integrations with GitHub:
Automatically fix open source issues with trustworthy pull requests from Nexus Lifecycle
As the use of open source continues to skyrocket, the importance of understanding dependency trees becomes even more crucial to software security and innovation. According to Sonatype’s 2019 State of the Software Supply Chain report, teams that regularly update OSS dependencies deliver higher quality software with 65% fewer vulnerabilities.
This realization is motivating more and more software engineering teams to seek solutions that can automatically open GitHub pull requests to help developers continuously update dependencies. The challenge, however, is that automated pull requests are not all created equal. Unlike its competitors, Sonatype generates automated pull requests that developers can truly trust.
“The easy part of dependency management is creating a service that can automatically open a GitHub pull request whenever new versions of dependencies are published,” said Brian Fox, CTO of Sonatype. “The hard part, however, is creating a service that is smart enough to understand in real-time the integrity of new versions before automatically opening a pull request.”
Sonatype-generated pull requests are more intelligent because they’re based on Nexus Intelligence, giving developers confidence that they’re being recommended the best version available and removing friction in their GitHub pipeline. Nexus Intelligence, which powers Nexus Lifecycle, has analyzed more than 65 million open source components and cataloged over 10 million open source vulnerabilities, creating highly accurate OSS data that reduces noise and gives developers greater peace of mind when automatically upgrading dependencies.
Innovate faster with less friction thanks to unrivaled, precise policy enforcement with Nexus for GitHub Actions
High-velocity DevOps and Continuous Integration practices depend on automation to remain afloat. It’s vital that security is built directly into these pipelines to keep workflows moving and innovation rolling. This velocity makes precision and the highest quality data necessary to identify the best open source to use in software builds. Sonatype’s suite of new integrations with GitHub Actions brings the unique intelligence and power of the Nexus Platform directly to your CI/CD pipeline, making it even easier to develop secure software.
Additional Resources:
About Sonatype
Sonatype is the leader in software supply chain automation technology, with more than 300 employees and over 1,000 enterprise customers, and is trusted by more than 10 million software developers. Sonatype’s Nexus platform enables DevOps teams and developers to automatically integrate security at every stage of the modern development pipeline by combining in-depth component intelligence with real-time remediation guidance. For more information, please visit Sonatype.com, or connect with us on Facebook, Twitter, or LinkedIn.