Sonatype bills itself as "the company that scales DevOps through open source governance and software supply chain automation." It is best known for its Nexus repository manager, which lets users proxy, cache and manage dependencies in one place rather than "juggling a collection of JARs," making it easier to build and distribute their software. The broader Nexus platform is meant to let DevOps teams and developers integrate security automatically at every stage of the development pipeline by combining in-depth component intelligence with real-time remediation guidance.
With this latest capability enhancement, Sonatype customers can have npm packages and their dependencies updated automatically within an application when a policy violation is discovered. Nexus Lifecycle evaluates each dependency for known vulnerabilities, license terms and other architectural attributes, and when a newer or better version is available in the public npm registry it immediately opens a pull request in GitHub that proposes the upgrade.
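To make the workflow concrete, here is an added illustration, not Sonatype's code and not how Nexus Lifecycle is implemented: a toy policy evaluator that reads a package.json, flags dependencies that violate a vulnerability or license policy, and produces both the remediated package.json and a pull-request description. The package.json, the advisory table (`ADVISORIES`), the license table (`LICENSES`) and the denied-license set are all constructed for the example and are not real records; a real tool would pull them from a vulnerability database and the package metadata, and would push the change through the GitHub API.

```python
"""Toy dependency-policy evaluation and auto-remediation for npm (added example, not Sonatype code)."""
import json
from typing import Dict, List, Optional, Tuple

# Constructed package.json for the example (not a real project).
PACKAGE_JSON = json.dumps({
    "name": "example-app",
    "dependencies": {
        "lodash": "^4.17.15",
        "minimist": "1.2.0",
        "left-pad": "1.3.0",
        "gpl-thing": "2.0.1",
    },
})

# Constructed policy data, not consulted from a real advisory database.
ADVISORIES = {
    "lodash":   {"fixed_in": "4.17.21"},
    "minimist": {"fixed_in": "1.2.6"},
}
LICENSES = {"lodash": "MIT", "minimist": "MIT", "left-pad": "WTFPL", "gpl-thing": "GPL-3.0"}
DENIED_LICENSES = {"GPL-3.0"}


def parse_version(spec: str) -> Tuple[int, ...]:
    """Turn '^4.17.15' into (4, 17, 15); a leading ^ or ~ range operator is ignored."""
    return tuple(int(part) for part in spec.lstrip("^~").split("."))


def bump(spec: str, fixed_in: str) -> str:
    """Replace the version but keep the original range operator (^ or ~), if any."""
    prefix = spec[0] if spec[:1] in ("^", "~") else ""
    return prefix + fixed_in


def evaluate(package_json: str) -> List[Dict[str, Optional[str]]]:
    """Return one violation record per (dependency, rule) that fails the policy."""
    deps = json.loads(package_json)["dependencies"]
    violations: List[Dict[str, Optional[str]]] = []
    for name, spec in deps.items():
        advisory = ADVISORIES.get(name)
        # Vulnerability rule: anything below the fixed version is a violation,
        # and the remediation is to move to the fixed version.
        if advisory and parse_version(spec) < parse_version(advisory["fixed_in"]):
            violations.append({"package": name, "kind": "vulnerability",
                               "current": spec, "remediation": bump(spec, advisory["fixed_in"])})
        # License rule: a denied license has no automatic remediation, so it is
        # reported but left for a human to replace the component.
        if LICENSES.get(name) in DENIED_LICENSES:
            violations.append({"package": name, "kind": "license",
                               "current": spec, "remediation": None})
    return violations


def apply_remediation(package_json: str, violations: List[Dict[str, Optional[str]]]) -> str:
    """Produce the package.json that the pull request would carry."""
    doc = json.loads(package_json)
    for v in violations:
        if v["remediation"] is not None:
            doc["dependencies"][v["package"]] = v["remediation"]
    return json.dumps(doc, indent=2)


def pull_request_body(violations: List[Dict[str, Optional[str]]]) -> str:
    """Human-readable summary for the PR description."""
    lines = ["Automated policy remediation:"]
    for v in violations:
        if v["remediation"] is not None:
            lines.append(f"- {v['package']}: {v['current']} -> {v['remediation']} ({v['kind']})")
        else:
            lines.append(f"- {v['package']} {v['current']}: {v['kind']} violation, manual action required")
    return "\n".join(lines)


if __name__ == "__main__":
    found = evaluate(PACKAGE_JSON)
    print(pull_request_body(found))
    print(apply_remediation(PACKAGE_JSON, found))
```

Two design points worth keeping in a real implementation: the range operator on the original spec is preserved so the upgrade does not silently tighten or loosen the team's pinning policy, and license violations are reported without an automatic change, because swapping a component is a decision no bot should make alone.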
John K. Waters is the editor in chief of a number of Converge360.com sites, with a focus on high-end development, AI and future tech. He's been writing about cutting-edge technologies and the culture of Silicon Valley for more than two decades, and he's written more than a dozen books. He also co-scripted the documentary film Silicon Valley: A 100 Year Renaissance, which aired on PBS. He can be reached at [email protected].