We're excited to announce a new feature in Nexus Lifecycle and Nexus Firewall: auto-remediation.
As part of Sonatype's commitment to empowering developers to remediate quickly and easily, we're continuing to invest in developer workflow improvements.
For those who already use Nexus Lifecycle, you know that the Component Information Panel, or CIP (below), is a core part of the solution. Why? It gives developers (and their colleagues in application security) visibility into an open source component's make and model. More importantly, the CIP shows how that component stacks up against your organization's open source governance policy, so engineers can pick a component that is right for both their application and their organization.
While we've always given developers the data they need to make the right decision on component selection, we're now going one step further. With auto-remediation, choosing the right component is even easier, and it happens directly within the IDE. For components that violate your company's open source policy, the CIP now automatically suggests the next compliant version of the component. Users simply click the suggested version, select "Migrate to Selected", and, voilà, the component is migrated.
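The rule behind that suggestion is easy to get subtly wrong, so here is an added illustration of it in Python. This is not Sonatype's code and makes no claim about how Nexus Lifecycle implements the feature; it assumes "next compliant version" means the lowest version newer than the one in use that has no failing policy violation, that versions follow semantic versioning, and that pre-releases should be skipped unless explicitly allowed. The component, its versions, the violation records and the 0 to 10 threat-level scale are all constructed for the example.

```python
# Added example: choosing the "next compliant version" of a component.
# Not Sonatype's code; all data and the threat-level scale are constructed.
import re
from dataclasses import dataclass

_SEMVER = re.compile(
    r"^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$"
)


def semver_key(version):
    """Sort key implementing SemVer 2.0 precedence (build metadata ignored).

    Numeric fields compare numerically, so 2.10.0 > 2.4.1, and a pre-release
    sorts before the release it precedes, so 2.4.0-rc.1 < 2.4.0.
    """
    m = _SEMVER.match(version)
    if not m:
        raise ValueError(f"not a semantic version: {version!r}")
    core = tuple(int(x) for x in m.group(1, 2, 3))
    pre = m.group(4)
    if pre is None:
        return (core, 1, ())            # a release outranks any pre-release
    ids = []
    for ident in pre.split("."):
        if ident.isdigit():             # numeric identifiers rank below alphanumeric
            ids.append((0, int(ident), ""))
        else:
            ids.append((1, 0, ident))
    return (core, 0, tuple(ids))


def is_prerelease(version):
    return semver_key(version)[1] == 0


@dataclass(frozen=True)
class Violation:
    policy: str
    threat_level: int   # constructed 0..10 scale, 10 being most severe


@dataclass
class Component:
    group: str
    artifact: str
    versions: dict      # version string -> list of Violation (constructed)


def is_compliant(violations, fail_at=1):
    """Compliant when no violation reaches the failing threat level."""
    return all(v.threat_level < fail_at for v in violations)


def next_compliant_version(component, current, fail_at=1, allow_prerelease=False):
    """Lowest known version newer than `current` with no failing violation.

    Returns None when every newer version still violates policy; an older
    version is never suggested, even if it is clean.
    """
    cur = semver_key(current)
    for candidate in sorted(component.versions, key=semver_key):
        if semver_key(candidate) <= cur:
            continue
        if is_prerelease(candidate) and not allow_prerelease:
            continue
        if is_compliant(component.versions[candidate], fail_at):
            return candidate
    return None


def migration_plan(component, current, **kwargs):
    """Describe what "Migrate to Selected" would change, or why it cannot."""
    target = next_compliant_version(component, current, **kwargs)
    coord = f"{component.group}:{component.artifact}"
    if target is None:
        return f"{coord}:{current} has no compliant newer version"
    return f"{coord}: {current} -> {target}"


# Constructed sample: a hypothetical library with several known versions.
SAMPLE = Component("org.example", "parser-lib", {
    "1.9.9": [],                                        # clean but older
    "2.3.1": [Violation("Security-High", 9)],           # version in use
    "2.3.2": [Violation("Security-High", 9)],           # still vulnerable
    "2.4.0-rc.1": [],                                   # clean pre-release
    "2.4.0": [Violation("License-Copyleft", 7)],        # license violation
    "2.4.1": [],                                        # first clean release
    "2.10.0": [],                                       # clean, much newer
})

if __name__ == "__main__":
    print(migration_plan(SAMPLE, "2.3.1"))                         # -> 2.4.1
    print(migration_plan(SAMPLE, "2.3.1", allow_prerelease=True))  # -> 2.4.0-rc.1
    print(migration_plan(SAMPLE, "2.3.1", fail_at=8))              # -> 2.4.0
    print(migration_plan(SAMPLE, "2.10.0"))                        # none available
```

Two details matter in practice: version strings must be compared as semantic versions, not as text (a string sort would place 2.10.0 before 2.4.1 and suggest the wrong target), and the threshold at which a violation counts as failing should come from the organization's policy rather than being hard-coded, since a team that tolerates a level-7 license finding gets a different suggestion than one that does not.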
We want developers to be able to tackle vulnerabilities in the environments where they spend most of their time, including GitLab, GitHub, and Bitbucket. Auto-remediation helps developers work smarter, not harder, which is exactly our goal at Sonatype. To learn more about our plans for source repository integrations, watch as our Integrations Product Manager, Justin Young, shares his ideas on the future of auto-remediation.