:
Skip Navigation
Resources Blog Sonatype Lifecycle now integrates with Azure DevOps to ...

Sonatype Lifecycle now integrates with Azure DevOps to secure software supply chains in the cloud

As more and more software development teams move to the cloud, it is now more important than ever to ensure that only the best open source components make it into a final application. With a 71% increase in open source related breaches within the last 5 years and over 21,000 new open source releases happening every day, it's impossible for organizations to keep track of their open source usage manually. Automated open source governance practices must be integrated into every stage of the SDLC, including CI/CD.

That's why I am happy to announce that we just released a Sonatype IQ Extension for Azure DevOps.

With this extension, a new step in the pipeline scans the build to identify any open source security, license, or quality policy violations. If a violation is found, Sonatype Lifecycle can fail the build or generate a warning in Azure DevOps with a link to the Sonatype Lifecycle policy report for violation details and expert remediation guidance.

Azure-Nexus-00

Now, developers can easily see the components that violate policies directly within Azure Pipelines.

Azure-Nexus-01

Or they can rest assured knowing that everything is fine when all of the open source components meet policy guidelines.

Azure-Nexus-03

If there are open source policy violations, developers can clearly identify which components violate which policy and select the best version / component to generate a clean build.

Azure-Nexus-04

The Sonatype IQ Policy Evaluation report is also available in the Azure DevOps dashboard for a quick view into open source components used within the application.

Azure-Nexus-05

In a DevOps world, the only way to deliver secure applications at scale is to rely on precise intelligence about the quality of the open source components used within those applications. Sonatype Lifecycle provides the most precise intelligence regarding security vulnerabilities, license risk, and architectural quality of open source components and delivers that information directly within Azure DevOps as well as other tools in the DevOps toolchain. Automate your open source policies with confidence and deliver secure applications at scale with this new integration to Azure DevOps.

If you are a Sonatype Lifecycle customer you can download this new extension and start using it today from the Azure marketplace.

Picture of Michelle Dufty

Written by Michelle Dufty

Michelle Dufty is the Senior Director of Product Marketing at Sonatype where she brings solutions to market that unite development, security, and operations teams to accelerate software innovation while minimizing open source risk.