Sonatype Nexus 'Component Intelligence'

Overview

‚Component Intelligence‘ is a product suite containing Sonatype's Nexus Firewall, Lifecycle and Auditor. Included features and data enable an intelligent, automated software supply chain management regarding security requirements including threat intelligence for components. 

Nexus Firewall, Nexus Lifecycle and Nexus Auditor are powered by the Nexus IQ Server, each performing a different task:

  • Firewall stops components fraught with risk
  • Lifecycle routes components through the software supply chain
  • Auditor maintains the know-how about software components in use

Sonatype offers a free Application Health Check providing a bill of materials inventory of your open source and proprietary components. Scan one of you applications - the results may possibly generate surprises.

Functions Description Firewall Lifecycle Auditor

Policy management

Comprehensively customizable policy management for component identification and repository protection      

Audit

Instantly see every component flowing into your organization      

Quarantine

Stop, analyze, and selectively admit components  

 -

 -

Protection

Keep production apps safe from risky components      

Control

Create policy and manage rules for component usage for organisations, teams and applications

 -

 

 -

Integration

Direct integration with existing development tools: i. e. Eclipse, IntelliJ, Jenkins, Bamboo and SonarQube

 -

 

 -

Automation

Automation options for handling of unwanted components    

 -

Customization

Combine lifecyle intelligence with own applications using REST-APIs

 -

 

 -

Evaluation

On-demand evaluation via intuitive user interface or command line

 -

   

Reports

Drill into findings to discover security, license, and quality related issues

 -

 -

 

Compliance

Rules for not acceptable components and consequence actions      

Maintenance

Monitor applications continuously for newly-discovered component issues

 -

 

 -

Our opinion

Sonatype's ‚Component-Intelligence‘ product suite' provides more than component repository management only. Firewall, Lifecycle and Auditor are dedicated to reliability and security of open source components deployment vastly growing during the last years. 

The provision of a huge information basis for free binaries including recommended actions for identified problems is a Sonatype unique selling point. Get always-on component intelligence about restrictive licenses  and other quality characteristics. A comprehensive ‚Software Bill of Materials‘ about component age, popularity and release history plus security vulnerabilities essential for a high quality software development. 

In enterprise environments, especially in regulated industries, Sonatype's Intelligence products are widespread.

You would like to have an offer or have questions to us? We are looking forward to your mail or call, please use our contact form.

top

Questions?

Click here
to contact us