Sonatype Lifecycle Now Integrates with Azure DevOps to Secure Software Supply Chains in the Cloud

October 11, 2019 By Michelle Dufty


As software development teams increasingly move to the cloud, it is more important than ever to ensure that only the best open source components make it into a final application. With a 71% increase in open source related breaches within the last 5 years and over 21,000 new open source releases happening every day, it is impossible for organizations to keep track of their open source usage manually. Automated open source governance practices must be integrated into every stage of the SDLC, including CI/CD.

That’s why I am happy to announce that we have just released a Sonatype Lifecycle extension for Azure DevOps.

With this extension, a new step in the pipeline scans the build to identify any open source security, license, or quality policy violations. If a violation is found, Sonatype Lifecycle can fail the build or generate a warning in Azure DevOps, with a link to the Sonatype Lifecycle policy report for violation details and expert remediation guidance.

Now, developers can easily see the components that violate policies directly within Azure Pipelines.

Or they can rest assured knowing that everything is fine when all of the open source components meet policy guidelines.

If there are open source policy violations, developers can clearly identify which components violate which policy and select the best version or component to generate a clean build.

The Sonatype Lifecycle Policy Evaluation report is also available in the Azure DevOps dashboard for a quick view into the open source components used within the application.

In a DevOps world, the only way to deliver secure applications at scale is to rely on precise intelligence about the quality of the open source components used within those applications. Sonatype Lifecycle provides the most precise intelligence regarding security vulnerabilities, license risk, and architectural quality of open source components, and delivers that information directly within Azure DevOps as well as other tools in the DevOps toolchain. Automate your open source policies with confidence and deliver secure applications at scale with this new Azure DevOps integration.

If you are a Sonatype Lifecycle customer, you can download this new extension from the Azure marketplace and start using it today. Enjoy!

Tags: cloud, DevOps in the Cloud, open source software supply chain, software supply chain hygiene, Product, Azure, Sonatype Lifecycle

Written by Michelle Dufty

Michelle Dufty is the Senior Director of Product Marketing at Sonatype where she brings solutions to market that unite development, security, and operations teams to accelerate software innovation while minimizing open source risk.