As more and more software development teams move to the cloud, it is now more important than ever to ensure that only the best open source components make it into a final application. With a 71% increase in open-source-related breaches within the last 5 years and over 21,000 new open source releases happening every day, it’s impossible for organizations to keep track of their open source usage manually. Automated open source governance practices must be integrated into every stage of the SDLC, including CI/CD.
That’s why I am happy to announce that we just released a Sonatype Lifecycle extension for Azure DevOps.
With this extension, a new step in the pipeline scans the build to identify any open source security, license, or quality policy violations. If a violation is found, Sonatype Lifecycle can fail the build or raise a warning in Azure DevOps, with a link to the Sonatype Lifecycle policy report for violation details and expert remediation guidance.

In a DevOps world, the only way to deliver secure applications at scale is to rely on precise intelligence about the quality of the open source components used within those applications. Sonatype Lifecycle provides the most precise intelligence regarding security vulnerabilities, license risk, and architectural quality of open source components, and delivers that information directly within Azure DevOps as well as other tools in the DevOps toolchain. Automate your open source policies with confidence and deliver secure applications at scale with this new Azure DevOps integration.
If you are a Sonatype Lifecycle customer, you can download this new extension from the Azure marketplace and start using it today. Enjoy!