Nexus Lifecycle Now Integrates with Azure DevOps to Secure Software Supply Chains in the Cloud

October 11, 2019 By Michelle Dufty

2 minute read time

As more and more software development teams move to the cloud, it is now more important than ever to ensure that only the best open source components make it into a final application. With a 71% increase in open source related breaches within the last 5 years and over 21,000 new open source releases happening every day, it’s impossible for organizations to keep track of their open source usage manually. Automated open source governance practices must be integrated into every stage of the SDLC, including CI/CD.

That’s why I am happy to announce that we just released a Nexus IQ Extension for Azure DevOps. 

With this extension, a new step in the pipeline scans the build to identify any open source security, license, or quality policy violations. If a violation is found, Nexus Lifecycle can fail the build or generate a warning in Azure DevOps with a link to the Nexus Lifecycle policy report for violation details and expert remediation guidance.

Azure-Nexus-00Now, developers can easily see the components that violate policies directly within Azure Pipelines.

Azure-Nexus-01Or they can rest assured knowing that everything is fine when all of the open source components meet policy guidelines.

Azure-Nexus-03If there are open source policy violations, developers can clearly identify which components violate which policy and select the best version / component to generate a clean build.

Azure-Nexus-04The Nexus IQ Policy Evaluation report is also available in the Azure DevOps dashboard for a quick view into open source components used within the application.


In a DevOps world, the only way to deliver secure applications at scale is to rely on precise intelligence about the quality of the open source components used within those applications. Nexus Lifecycle provides the most precise intelligence regarding security vulnerabilities, license risk, and architectural quality of open source components and delivers that information directly within Azure DevOps as well as other tools in the DevOps toolchain. Automate your open source policies with confidence and deliver secure applications at scale with this new integration to Azure DevOps.

If you are a Nexus Lifecycle customer you can download this new extension and start using it today from the Azure marketplace. Enjoy!

Tags: Nexus Lifecycle, cloud, DevOps in the Cloud, open source software supply chain, software supply chain hygiene, featured, Product, Azure

Written by Michelle Dufty

Michelle Dufty is the Senior Director of Product Marketing at Sonatype where she brings solutions to market that unite development, security, and operations teams to accelerate software innovation while minimizing open source risk.