Sonatype Selected by Equifax to Support OS Governance Press Release

blog-logo Sonatype Blog

Enhanced Support for Python in Nexus Lifecycle

February 06, 2019 By Michelle Dufty

At Sonatype, we pride ourselves on arming development and security teams with precise and actionable intelligence to build software faster, with less risk. Which is why I am happy to announce that we recently improved the precision with which we identify and secure PyPI packages in Nexus Lifecycle.  

This new release comes at a time when Python is quickly becoming the standard for developers and data scientists according to a recent survey and as witnessed by our own customer usage. Downloads from the PyPI repository grew significantly in the past year according to Sonatype’s 2018 State of the Software Supply Chain, averaging between 4.3 and 4.7 billion per month. And with every language, as usage increases, so does potential security vulnerabilities and license risk. In fact, approximately 11% of components housed in PyPI have a known vulnerability.

While we have been able to block undesirable Python packages from entering the software supply chain with Nexus Firewall for some time, this new release of Nexus Lifecycle fully automates PyPI governance across the entire SDLC. Now, development and application security teams can:

  • Define open source component policies by organization, team, and application type across the SDLC

  • Continuously visualize component intelligence within their favorite tools including the Jenkins, Bamboo, and Maven plugins

  • Automatically and contextually enforce policies across the entire DevOps pipeline

Check out this video from Andres Perez, Solutions Consultant to see how it works:

 

New to Nexus Lifecycle or just want to learn more? Visit us on my.sonatype.com to download new releases, view documentation, and chat with other Lifecycle customers.

Tags: Nexus Lifecycle, python, Product

Written by Michelle Dufty

Michelle Dufty is the Senior Director of Product Marketing at Sonatype where she brings solutions to market that unite development, security, and operations teams to accelerate software innovation while minimizing open source risk.