Sonatype Nexus Lifecycle Automation

Do you use this solution to automate open source governance and minimize risk? If yes, how?

Charles Chani
DevSecOps at a financial services firm with 10,001+ employees
We use it to automate open-source governance and to minimize risk.
View full review »
Axel Niering
Achitekt at SV Informatik GmbH
The solution helps automate open-source governance and minimize risk. There are three points: The developer decides to use an open-source component, so he is going to add Wire Maven into the application. In this phase, he can already get information about possible vulnerabilities. If he ignores this, we can still absolutely detect such a problem later on and prevent it from being sent to production. This is a process which has several steps, of course, and we also want to use the firewall to prevent such libraries from downloading, but this is something we haven't done yet.
View full review »
Devin Duffy
Information Security Specialist at a financial services firm with 1,001-5,000 employees
We use it to automate open-source governance and minimize risks. That's my job. We tear apart the Jenkins build logs, we find artifacts, and we use it to scan those artifacts and notify the teams that there are vulnerabilities in their builds. We also have the automated lookup as well, so that's how we use it in our enterprise at the moment.
View full review »
Java Development Manager at a government with 10,001+ employees
In terms of open-source governance, the tool basically tells us all the threats that are out there in the public sector repositories, threats which, potentially, no one knows. We get to know them and we can use the tool to let other people know which direction to go in.
View full review »
Sign Up with Email