We're excited to announce a new feature within Nexus Lifecycle and Nexus Firewall: auto-remediation.
As part of Sonatype’s commitment to empowering developers with the ability to remediate quickly and easily, we’re continuing to invest in developer workflow improvements.
If you already use Nexus Lifecycle, you know that the Component Information Panel (CIP, below) is a core part of the solution. Why? It provides developers (and their colleagues in application security) visibility into an open source component’s make and model. More importantly, the CIP highlights how that component stacks up against your organization’s open source governance policy, allowing engineers to pick the right component for their application and organization every time.
While we’ve always provided developers with data to make the right decision on component selection, we’re going one step further. Now, with auto-remediation, we’re making it even easier to choose the right component right within an IDE. For components that violate your company’s open source policy, the CIP will now automatically suggest the next compliant version of the component. Users will simply click on the suggested version, select “Migrate to Selected”, and, voilà, component migrated.
Auto-remediation and migrate functionality are available within Eclipse, IntelliJ, and Visual Studio, with support for Java and NuGet. Within Lifecycle and Firewall dashboards and reports, engineers can access suggested remediation guidance for all supported formats, including JavaScript, Ruby, and Python.
We want to enable developers to tackle vulnerabilities in the environments where they spend most of their time, including GitLab, GitHub, and Bitbucket. Auto-remediation helps developers work smarter, not harder, which is exactly our goal at Sonatype. To learn more about our plans for integrations to source repos, watch as our Integrations’ Product Manager, Justin Young, shares his ideas on the future of auto-remediation.
Written by Sonal Thawani
Sonal is an experienced product manager and product marketing manager. As a Senior Product Marketing Manager at Sonatype, she's focused on spreading her awe for Nexus IQ Server.