Enhanced Algorithm, Expanded Coverage and Noise Reduction Across the Nexus Platform
npm Automated Pull Requests for GitHub
We’re also employing automation where we can to speed up your processes. Nexus users now have the ability to automatically update npm packages and their dependencies when a policy violation is discovered. Sonatype’s Nexus Lifecycle evaluates known vulnerabilities, package licenses, and other architectural attributes, and immediately creates a pull request in GitHub when there is a newer or better version available based on an organization’s policy.
This addition underscores our company’s goal of shifting security left, putting more tools in the hands of developers to save time and simplify their experience. Developers are able to push quality control of their application development to a source control platform, where they work every day and can easily collaborate via code reviews, commits, and pull requests.
Using this type of early feedback and automation, we reduce rework and keep development teams focused on contributing business value rather than managing application component risk.
For free users, AuditJS uses OSS Index, a free database that identifies open source dependencies and determines whether they have any known, publicly disclosed vulnerabilities. For existing Sonatype customers, AuditJS integrates directly into Nexus Lifecycle, using the highly curated Nexus Intelligence data and immediately identifying policy violations as defined by your organization.
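The two steps described above, enumerating a project's npm dependencies and checking them against vulnerability data under an organization's policy, can be illustrated with the following Node.js script. It is an added example, not AuditJS or Nexus Lifecycle source: the lockfile, the vulnerability report (shaped like an OSS Index component report, with an assumed cvssScore field per finding), the published-version list, the package names and the finding ids are all constructed placeholders, and the policy threshold is an assumption.

```javascript
// Added example (not AuditJS or Nexus Lifecycle code): map an npm lockfile to
// package-URL coordinates, join them against a vulnerability report, apply a
// CVSS-threshold policy, and pick the smallest upgrade that satisfies it.
// Lockfile, report and version list are constructed inline; names and ids are placeholders.

// Constructed lockfileVersion 2 sample: the root entry is '' and each
// installed package lives under a 'node_modules/...' path.
const SAMPLE_LOCKFILE = {
  name: 'demo-app',
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/example-left-pad': { version: '1.2.0' },
    'node_modules/demo-parser': { version: '3.0.1' },
    'node_modules/@acme/widget': { version: '2.3.1' },
    'node_modules/demo-parser/node_modules/example-left-pad': { version: '1.3.0' },
  },
};

// Constructed report in the OSS Index component-report shape (assumed fields:
// coordinates, vulnerabilities[].id / title / cvssScore). Ids are placeholders.
const SAMPLE_REPORT = [
  { coordinates: 'pkg:npm/example-left-pad@1.2.0',
    vulnerabilities: [{ id: 'PLACEHOLDER-0001', title: 'constructed high-severity finding', cvssScore: 7.5 }] },
  { coordinates: 'pkg:npm/example-left-pad@1.3.0',
    vulnerabilities: [{ id: 'PLACEHOLDER-0002', title: 'constructed medium-severity finding', cvssScore: 5.0 }] },
  { coordinates: 'pkg:npm/example-left-pad@2.0.0', vulnerabilities: [] },
  { coordinates: 'pkg:npm/demo-parser@3.0.1', vulnerabilities: [] },
  // '@acme/widget' is deliberately absent: "no data" must not be read as "no findings".
];

// Constructed registry view: versions published for each package.
const AVAILABLE_VERSIONS = { 'example-left-pad': ['1.2.0', '1.3.0', '2.0.0'] };

// Assumed policy: any finding at or above this CVSS score is a violation.
const POLICY = { failAtCvss: 7.0 };

// Build a purl from a package name; the '@' of a scope is percent-encoded
// as the purl spec requires for namespaces.
function toPurl(name, version) {
  return `pkg:npm/${name.replace(/^@/, '%40')}@${version}`;
}

// Reduce a lockfile path such as 'node_modules/a/node_modules/@s/b' to the
// innermost package name.
function packageNameFromPath(lockPath) {
  const marker = 'node_modules/';
  return lockPath.slice(lockPath.lastIndexOf(marker) + marker.length);
}

function lockfileToCoordinates(lockfile) {
  const coords = new Set();
  for (const [lockPath, entry] of Object.entries(lockfile.packages || {})) {
    if (lockPath === '') continue; // the root project itself
    coords.add(toPurl(packageNameFromPath(lockPath), entry.version));
  }
  return [...coords];
}

// Returns the findings that breach the policy plus the coordinates the report
// said nothing about, so an unknown component is never silently counted as clean.
function evaluatePolicy(coordinates, report, policy) {
  const byCoord = new Map(report.map((r) => [r.coordinates, r]));
  const violations = [];
  const unknown = [];
  for (const c of coordinates) {
    const entry = byCoord.get(c);
    if (!entry) { unknown.push(c); continue; }
    for (const v of entry.vulnerabilities || []) {
      if (v.cvssScore >= policy.failAtCvss) violations.push({ coordinates: c, id: v.id, cvssScore: v.cvssScore });
    }
  }
  return { violations, unknown };
}

// Plain x.y.z comparison; enough for the constructed sample, real code should use a semver library.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Smallest published version above `current` that itself passes the policy, or
// null if none does; this is the version a remediation pull request would propose.
function suggestUpgrade(name, current, versions, report, policy) {
  const candidates = (versions[name] || []).filter((v) => compareVersions(v, current) > 0).sort(compareVersions);
  for (const v of candidates) {
    const { violations, unknown } = evaluatePolicy([toPurl(name, v)], report, policy);
    if (violations.length === 0 && unknown.length === 0) return v;
  }
  return null;
}

const coords = lockfileToCoordinates(SAMPLE_LOCKFILE);
const result = evaluatePolicy(coords, SAMPLE_REPORT, POLICY);
console.log('violations:', result.violations);
console.log('no data for:', result.unknown);
console.log('suggested upgrade for example-left-pad@1.2.0:',
  suggestUpgrade('example-left-pad', '1.2.0', AVAILABLE_VERSIONS, SAMPLE_REPORT, POLICY));
```

Two design points matter for a defender. The nested copy of example-left-pad is reported separately from the top-level one, because transitive dependencies are exactly where stale versions hide; and a component with no report entry is surfaced as "unknown" rather than dropped, so gaps in the data source show up in the output instead of passing silently. The suggested upgrade is the lowest version that satisfies the policy rather than simply the latest, which is the "newer or better version based on policy" behaviour the text describes, and it keeps the proposed change as small as possible for review.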
Watch the video demo below to see how to use the new npm automated pull requests and see AuditJS in action.