Sonatype Blog

Say Hello to Our New GitLab Integration

May 08, 2019 By Sonal Thawani

I'm thrilled to share that Nexus Lifecycle now integrates with GitLab CI, bringing precise open source intelligence to GitLab users. 

Why are we so excited about it? Let me share a bit more. 

According to our 2019 DevSecOps Community Survey, organizations with mature DevOps practices are 350% more likely than organizations without a DevOps practice to integrate automated security throughout the entire development process. However, DevOps practice or not, the area of the development process with the highest adoption of automated application security is the Build/CI phase. Seventy-four percent of our respondents with elite DevOps practices have already made the shift to automation within CI, and over one-third of teams without a DevOps practice are automating security at the Build/CI phase, higher than in any other area of the development process.

The data shows that automated application security is being built into the Build/CI phase. Nexus Lifecycle's integration with GitLab CI makes that even easier.

Given the data, it’s not surprising that our awesome Integrations team is thinking about ways to surface Nexus Intelligence in the CI tools developers are already using. I am pleased to announce the availability of our new GitLab integration!

Now GitLab and Nexus Lifecycle users can run policy evaluations against build artifacts. By running a policy evaluation job in GitLab’s CI/CD pipeline, the integration can pass or fail a build when applications include open source components that do not meet their organization’s open source governance policies. With access to Nexus Intelligence earlier in the development process, teams can reduce the possibility of security bottlenecks later in the delivery process, within the tools they use every day.


Directly within GitLab, users can see the results of the Nexus Lifecycle scan and retrieve a summary report highlighting policy violation counts and the number of components impacted.


If you’re as excited about our GitLab integration as we are, and want to learn more about upcoming Git-friendly treats, be sure to tune into Justin Young’s session at the Nexus User Conference on June 12. Justin leads our Integrations team and will be giving us a sneak peek at the Integrations roadmap for the rest of the year.

To learn how to run a Nexus Lifecycle scan in GitLab, click here. Then, head to the comments section and tell us what you think about it. 

What’s the Nexus User Conference? An event you can't miss. It's a free, live, and online conference available to Nexus Repository and IQ users, as well as all DevSecOps practitioners interested in understanding how the Nexus Platform automatically enforces open source policy and controls risk across every phase of the SDLC. Click here to register.

Tags: devsecops, securing CI/CD, Product, Community Product, GitLab

Written by Sonal Thawani

Sonal is an experienced product manager and product marketing manager. As a Senior Product Marketing Manager at Sonatype, she's focused on spreading her awe for Nexus IQ Server.