Sonatype Unveils NextGen Nexus Platform

Sonatype unveiled the latest version of its Nexus platform this week. The update of the company's flagship offering expands its suite of repository management and software security tools to offer "full-spectrum control of the cloud-native software development lifecycle," the company says, including third-party open-source code, first-party source code, infrastructure as code (IaC), and containerized code.

The Nexus Platform is a suite of solutions that together provide software development teams with a set of tools to help them find and fix the vulnerabilities that often come with open-source software. Because the platform scales across every phase of the software development lifecycle (SDLC), Nexus effectively unites developers, security professionals, and IT operations into DevSecOps teams that can continuously monitor and remediate open-source risk.

Specifically, this update comes with:

  • Muse: A cloud-native source code analysis solution designed to help developers catch and fix performance, reliability, and security bugs during code review. Muse was built to deliver 24 pre-configured code analyzers to automatically assess each developer pull request and then report bugs as comments in code review.
  • Nexus Container: A "developer-friendly" container security solution providing continuous visibility into the composition and management of containers, "from development to delivery to run time." Powered by the NeuVector cloud-native security container, it also protects organizations from new, open-source, zero-day vulnerabilities using a Layer 7 firewall to virtually patch containers in the wild.
  • Infrastructure as Code Pack: Designed to deliver out-of-the-box guidance to assist developers in configuring cloud infrastructure and "foster compliance" with privacy and security standards. Integrated with Nexus Lifecycle, the pack will make it possible for developers to find and fix misconfigurations in Terraform plans before they are applied to production infrastructure. To ensure continuous IaC compliance in production environments using the same policy sets, Sonatype announced a strategic partnership with Fugue.
  • Advanced Legal Pack: Designed to improve visibility into open-source license obligations for software development and legal teams. The company says the pack will "significantly reduce the time spent reviewing each new application release, ensuring development velocity is not hampered as the use of open source components continues to grow exponentially."
  • Nexus Community: New advanced migration support for open-source projects searching for a new home after the sunsetting of Bintray and JCenter. "Open source projects can easily migrate their packages to a free Nexus Repository instance and/or Maven Central host," the company says.

"As software development teams race forward to deliver new digital innovations, software supply chain management and security has been ushered to center stage," said Sonatype CEO Wayne Jackson, in a statement. "Over the past six months, we've been working hard to expand our Nexus platform to deliver full-spectrum support to all application building blocks — not just open source — and truly enable developer productivity. As developers take on more responsibility for containers, code, and infrastructure, our mission is to make their lives easier while they make great software."

Sonatype bills itself as "the company that scales DevOps through open-source governance and software supply chain automation." The company's founders originated the Apache Maven project, which is the most widely used repository format in the Java development ecosystem, as well as the Maven-based Central Repository, which serves billions of components annually to developers. Sonatype pioneered componentized software development and has a rich history of supporting open-source innovation. The company continues to be a core contributor to the Apache Maven Project and the Central Repository.

About the Author

John K. Waters is the editor in chief of a number of sites, with a focus on high-end development, AI and future tech. He's been writing about cutting-edge technologies and the culture of Silicon Valley for more than two decades, and he's written more than a dozen books. He also co-scripted the documentary film Silicon Valley: A 100 Year Renaissance, which aired on PBS. He can be reached at [email protected].