Production-ready SBOMs, Sonatype & Red Hat align for slicker software factories
With open source security always in the spotlight (and proprietary too for that matter) especially at the enterprise-level, software supply chain management company Sonatype has announced news related to its Nexus Lifecycle software service.
In simple terms, Sonatype’s Nexus Lifecycle uses (you could say leverages, if you wish) Red Hat OpenShift Operator Certification to provides Software Bill of Materials (SBOM) visibility.
This is all designed to help provide insight into the open source components Red Hat OpenShift customers are using.
Component integrity
Sonatype’s Nexus Lifecycle combined with Red Hat OpenShift, creates an automated process that encourages component integrity and provides enhanced security features by developing a Software Bill of Materials (SBOM) that is license-compliant and highlights open source vulnerabilities.
The certification is hoped to enable Red Hat OpenShift customers to more easily and efficiently design an SBOM.
This, in turn, is hoped to help enterprises mitigate risk across their software development lifecycle and help organisations meet the new domestic and international cybersecurity requirement legislation.
“We are pleased that Sonatype’s Nexus Lifecycle Red Hat OpenShift Operator Certification is now positioned to further extend choice and flexibility for customers on the industry’s leading enterprise Kubernetes platform,” said Mark Longwell, director, partner alliances, hybrid platforms, Red Hat.
Longwell and team think that with Sonatype as a Red Hat OpenShift Certified Operator, customers will gain easier access to deploy Sonatype Nexus Lifecycle (in one click) via the Operator catalog section on Red Hat OpenShift.
Production-ready SBOM
Operators also provide automation across the stack—from managing the parts that make up the platform all the way to applications that are provided as a managed service.
“By leveraging this Red Hat OpenShift Operator Certification, Red Hat OpenShift users can now more easily integrate an automated production-ready SBOM into their Red Hat OpenShift pipelines, adding increased transparency into development that can help stop downstream cyber-attacks,” said Bruce Gordon, SVP of global channels & alliances at Sonatype.
Gordon thinks that this collaboration will help provide Red Hat and Sonatype customers with increased intelligence for creating and maintaining secure-focused, quality and innovative software at scale.
The collaboration will benefit from Sonatype’s status as a Red Hat Advanced Business Partner and from Sonatype’s Nexus Lifecycle’s certification as an open source and dependency management tool.
Sonatype’s Nexus Lifecycle: A promise to automatically find and fix open source vulnerabilities at every stage of the SDLC.