News and Notes from the Makers of Nexus | Sonatype Blog

Say hello to our new GitLab integration

Written by Sonal Thawani | May 08, 2019

I'm thrilled to share that Sonatype Lifecycle now integrates with GitLab CI, bringing precise open source intelligence to GitLab users.

Why are we so excited about it? Let me share a bit more. According to our 2019 DevSecOps Community Survey, organizations with mature DevOps practices are 350% more likely than organizations without a DevOps practice to integrate automated security throughout the entire development process.

However, DevOps practice or not, the area within the development process with the highest adoption of automated application security is the Build/CI phase. Seventy-four percent of our respondents with elite DevOps practices have already made the shift to automation within CI, and over one-third of teams without a DevOps practice are automating security at the Build/CI phase, higher than in any other area of the development process.

Given the data, it's not surprising that our awesome Integrations team is thinking about ways to surface Sonatype Intelligence in the CI tools developers are already using. I am pleased to announce the availability of our new GitLab integration.

Now GitLab and Sonatype Lifecycle users can run policy evaluations against build artifacts. By running a policy evaluation job in GitLab's CI/CD pipeline, the integration can pass or fail a build when applications include open source components that do not meet the organization's open source governance policies. With access to Sonatype Intelligence earlier in the development process, teams can reduce the possibility of security bottlenecks later in the delivery process, within the tools they use every day.

Directly within GitLab, users can see the results of the Sonatype Lifecycle scan and retrieve a summary report highlighting policy violation counts and the number of components impacted.

If you're as excited about our GitLab integration as we are, and want to learn more about upcoming Git-friendly treats, be sure to tune into Justin Young's session at the Nexus User Conference on June 12. Justin leads our Integrations team and will be giving us a sneak peek at the Integrations roadmap for the rest of the year.

What's the Nexus User Conference? An event you can't miss. It's a free, live, and online conference available to Sonatype Nexus Repository and IQ users, as well as all DevSecOps practitioners interested in understanding how the Sonatype Platform automatically enforces open source policy and controls risk across every phase of the SDLC. Click here to register.