FULTON, Md., Nov. 17, 2014 /PRNewswire/ -- Sonatype, a software company that enables developers to easily build software applications while significantly reducing security, compliance, and licensing risks, today released a new version of its Component Lifecycle Management (CLM) software. An industry first, developers can now avoid security risks without missing business-critical delivery deadlines.
While the availability of open source components has dramatically accelerated application development and release schedules, developers are using billions of open source components of unknown origin and risk annually. As a result, many applications containing high profile, known vulnerabilities, such as Struts2, are being released into the wild on a daily basis. To date, there has been no way to track and trace these known bad components nor their dependencies AND keep pace with today's agile development requirements. Now, that is no longer the case.
"Developers frequently complain that the security world doesn't get it," said Wayne Jackson, CEO Sonatype. "Application security must work at the speed of development or it won't work. And businesses rely on this speed to compete and thrive. We always have the developer community top-of-mind as we enhance our CLM software to keep applications secure without putting release schedules at risk and slowing the speed of business."
This new version of CLM provides unprecedented visibility across development teams working with Java, NPM, and NuGet open source components. CLM also provides visibility to where risk resides across market-leading DevOps tools including Maven, Nexus, Hudson, Jenkins, Bamboo, Sonar, Eclipse, etc.
Product Benefits Include:
Sonatype CLM perpetually monitors risks across the entire software lifecycle. As soon as a vulnerable OSS component is selected for use in an application by a development team, or when a new open source vulnerability is disclosed, it's instantly flagged for development and application security professionals, and integrated decision support is provided to remediate the risk. A huge leap forward for over-burdened developers -- detection and correction takes minutes versus traditional application security and manual open source governance approaches that take days to weeks.
Sonatype's new software is available for purchase today. For more information, please visit:
Every day, developers rely on millions of third party and open source building blocks — known as components -- to build the software that runs our world. Sonatype ensures that only the best components are used throughout the software development lifecycle so that organizations don't have to make the tradeoff between going fast and being secure. Policy automation, ongoing monitoring and proactive alerts makes it easy to have full visibility and control of components throughout the software supply chain so that applications start secure and remain that way over time. Sonatype is privately held with investments from New Enterprise Associates (NEA), Accel Partners, Bay Partners, Hummer Winblad Venture Partners and Morgenthaler Ventures. Visit: www.sonatype.com