Sonatype Nexus Lifecycle Automation
Do you use this solution to automate open source governance and minimize risk? If yes, how?
We use it to automate open-source governance and to minimize risk.
The solution helps automate open-source governance and minimize risk. There are three points: The developer decides to use an open-source component, so he is going to add Wire Maven into the application. In this phase, he can already get information about possible vulnerabilities. If he ignores this, we can still absolutely detect such a problem later on and prevent it from being sent to production. This is a process which has several steps, of course, and we also want to use the firewall to prevent such libraries from downloading, but this is something we haven't done yet.
We use it to automate open-source governance and minimize risks. That's my job. We tear apart the Jenkins build logs, we find artifacts, and we use it to scan those artifacts and notify the teams that there are vulnerabilities in their builds. We also have the automated lookup as well, so that's how we use it in our enterprise at the moment.
In terms of open-source governance, the tool basically tells us all the threats that are out there in the public sector repositories, threats which, potentially, no one knows. We get to know them and we can use the tool to let other people know which direction to go in.