Many companies, including ours, use Nexus Repository due to concerns about malware and critical vulnerabilities. There should be a specific method to prevent malicious packages from entering the internal network, so our company uses Nexus Repository. We usually consider adding the firewall feature on top of the Repository, with the main purpose being to block malicious packages.
We use this tool for QA automation and QA quality checking. We check the quality of the code and the calls with SonarQube. If there is any kind of memory leak, it protects against that. When we want to move the code to the next level, we use Sonar Quality Gates. This is part of a QA automation process. We only then promote the code to UAT and then the product once it passes 80% of the threshold that we set for it.
Senior Cyber Security Architect and Engineer at a computer software company with 10,001+ employees
Real User
Mar 18, 2021
With the security concerns around open source, the management and vulnerability scanning, it's relatively new. In today's world more and more people are going through the open source arena and downloading code like Python, GitHub, Maven, and other external repositories. There is no way for anyone to know what our users, especially our data scientists and our developers, are downloading. We deployed Sonatype to give us the ability to see if these codes are vulnerable or not. Our Python users and our developers use Sonatype to download their repositories. Given the confidentiality of our customer, we keep everything on-prem. We have four instances of Sonatype running, two Nexus Repositories and two IQ Servers, and they're both HA. If one goes down, then all the data will be replicated automatically.
Application Security Tools are essential for organizations looking to protect their software applications from vulnerabilities that could lead to breaches or exploits. These tools provide automated solutions for identifying, managing, and mitigating risks associated with application vulnerabilities.These tools have gained recognition for their ability to integrate seamlessly into development pipelines, providing security teams with real-time data on potential risks. They support multiple...
Many companies, including ours, use Nexus Repository due to concerns about malware and critical vulnerabilities. There should be a specific method to prevent malicious packages from entering the internal network, so our company uses Nexus Repository. We usually consider adding the firewall feature on top of the Repository, with the main purpose being to block malicious packages.
The product helps with vulnerability and security assessment. It also helps with assessment at the configuration level.
We use this tool for QA automation and QA quality checking. We check the quality of the code and the calls with SonarQube. If there is any kind of memory leak, it protects against that. When we want to move the code to the next level, we use Sonar Quality Gates. This is part of a QA automation process. We only then promote the code to UAT and then the product once it passes 80% of the threshold that we set for it.
With the security concerns around open source, the management and vulnerability scanning, it's relatively new. In today's world more and more people are going through the open source arena and downloading code like Python, GitHub, Maven, and other external repositories. There is no way for anyone to know what our users, especially our data scientists and our developers, are downloading. We deployed Sonatype to give us the ability to see if these codes are vulnerable or not. Our Python users and our developers use Sonatype to download their repositories. Given the confidentiality of our customer, we keep everything on-prem. We have four instances of Sonatype running, two Nexus Repositories and two IQ Servers, and they're both HA. If one goes down, then all the data will be replicated automatically.