Every piece of open source software actually consists of hundreds or thousands of different components. Most commercial software products depend upon such open source libraries under the covers as well.
Sonatype addresses the problem of tracking and governing these dependencies by automating open source governance with its Nexus open source component repository.
Sonatype automates vulnerability management and governance, helping organizations manage the thousands of open source components they depend upon to keep their companies running, and provides remediation guidance to developers.
The 2017 Equifax breach, where an out-of-date version of the open source Struts framework led to the theft of millions of records, is a prime example of the sort of problem Sonatype can mitigate.
The company also maintains the Maven Central repository of open source components as well as open source and commercial versions of Nexus.
Copyright © Intellyx LLC. Intellyx publishes the Agile Digital Transformation Roadmap poster, advises companies on their digital transformation initiatives, and helps vendors communicate their agility stories. As of the time of writing, none of the organizations mentioned in this article are Intellyx customers. To be considered for a Brain Candy article, email us at firstname.lastname@example.org.