Sonatype aims to help developers reduce risk from open-source components

Lucian Constantin | Nov. 17, 2014
Software developers use a large number of open-source components, often oblivious to the security risks they introduce or the vulnerabilities that are later discovered in them.

CLM tracks security risks in Java components, but will soon be extended to .NET and NPM (Node Package Manager) components. Support for RubyGems, PyPI (Python Package Index) and CPAN (Comprehensive Perl Archive Network) will be added over the coming year.

The rise of agile development and DevOps has put enormous pressure on organizations to deliver quickly, if not continuously, Jackson said. "So, the tools that are used to secure applications, to keep track of what's being used and to govern proper usage, have to also work in real time. That's the most important thing that we've done — making sure governance and creating secure software is something that can happen at the pace of Agile and DevOps."

Based in Fulton, Maryland, Sonatype specializes in streamlining software development processes through tools that automate repository management, component monitoring, collaboration, licensing policy enforcement and other tasks. Its products are used by large software vendors, as well as banks, credit card firms, aerospace companies and IT equipment vendors.
