Many companies, including ours, use Nexus Repository due to concerns about malware and critical vulnerabilities. There should be a specific method to prevent malicious packages from entering the internal network, so our company uses Nexus Repository. We usually consider adding the firewall feature on top of the Repository, with the main purpose being to block malicious packages.
We use this tool for QA automation and QA quality checking. We check the quality of the code and the calls with SonarQube. If there is any kind of memory leak, it protects against that. When we want to move the code to the next level, we use Sonar Quality Gates. This is part of a QA automation process. We only then promote the code to UAT and then the product once it passes 80% of the threshold that we set for it.
Senior Cyber Security Architect and Engineer at a computer software company with 10,001+ employees
Real User
Mar 18, 2021
With the security concerns around open source, the management and vulnerability scanning, it's relatively new. In today's world more and more people are going through the open source arena and downloading code like Python, GitHub, Maven, and other external repositories. There is no way for anyone to know what our users, especially our data scientists and our developers, are downloading. We deployed Sonatype to give us the ability to see if these codes are vulnerable or not. Our Python users and our developers use Sonatype to download their repositories. Given the confidentiality of our customer, we keep everything on-prem. We have four instances of Sonatype running, two Nexus Repositories and two IQ Servers, and they're both HA. If one goes down, then all the data will be replicated automatically.
Application Security Tools are designed to ensure the security of applications by identifying vulnerabilities and potential threats during development and operation phases. They play a crucial role in safeguarding data integrity and user privacy.These tools provide comprehensive security assessments and support for applications, focusing on identifying weaknesses in code and preventing threats. Users share insights about their effectiveness in real-world environments, emphasizing their value...
Many companies, including ours, use Nexus Repository due to concerns about malware and critical vulnerabilities. There should be a specific method to prevent malicious packages from entering the internal network, so our company uses Nexus Repository. We usually consider adding the firewall feature on top of the Repository, with the main purpose being to block malicious packages.
The product helps with vulnerability and security assessment. It also helps with assessment at the configuration level.
We use this tool for QA automation and QA quality checking. We check the quality of the code and the calls with SonarQube. If there is any kind of memory leak, it protects against that. When we want to move the code to the next level, we use Sonar Quality Gates. This is part of a QA automation process. We only then promote the code to UAT and then the product once it passes 80% of the threshold that we set for it.
With the security concerns around open source, the management and vulnerability scanning, it's relatively new. In today's world more and more people are going through the open source arena and downloading code like Python, GitHub, Maven, and other external repositories. There is no way for anyone to know what our users, especially our data scientists and our developers, are downloading. We deployed Sonatype to give us the ability to see if these codes are vulnerable or not. Our Python users and our developers use Sonatype to download their repositories. Given the confidentiality of our customer, we keep everything on-prem. We have four instances of Sonatype running, two Nexus Repositories and two IQ Servers, and they're both HA. If one goes down, then all the data will be replicated automatically.