After an in-depth evaluation of 10 SCA solutions across 37 criteria on how they address the needs of security professionals and developers, Sonatype’s Nexus platform was recognized as a market leader, with strong performance and the largest market presence among all companies analyzed in The Forrester Wave, Q3 2021, on software composition analysis.
The report highlights the creation of a solution that automates all parts of software supply chain security with an emphasis on open source security. More importantly, it shows how vital it is for organizations to have full control of their cloud-native development lifecycles, including third-party open source, in-house source code, infrastructure-as-code (IaC) and containerized code.
Key findings:
Stellar policy management, backed by precision data.
Forrester points to Sonatype’s superior policy capabilities and license and vulnerability remediation as key reasons for success. According to the report:
“Policy is an area of strength for Sonatype, with out-of-the-box policies that align with a variety of standards (particularly in the IaC suite) and a policy engine that allows users to create and assign policies to certain types of applications.”
The bottom line is to give organizations control of their code. Across the Nexus platform, customers can create custom security, licensing and architecture policies based on the type of application or organization and contextually enforce those policies at each stage of the software development lifecycle.
Sonatype has the broadest, deepest and most actionable database of open source components and vulnerabilities. It examines fingerprints, not just file names and package manifests, to accurately identify risk with advanced binary fingerprinting (ABF). It is this accuracy that allows us to promise few false positives and negatives, so when our customers set a policy, they know they can trust it.
Expanded portfolio and full-spectrum software supply chain automation.
Forrester highlighted the broad ability to automate the entire software supply chain as a strength. In March, Sonatype announced its “new” Nexus platform and, more recently, Sonatype Lift, both of which help make life easier for developers and security teams.
As security concerns around supply chains took center stage this year, Sonatype has implemented solutions that offer customers full-spectrum control of the cloud-native software development lifecycle, including:
– Third-party open source code
– Source code origin
– IaC
– Containerized code
– InnerSource
As Panorama Technologies, we are proud to be a Sonatype partner and to be able to help our customers improve security and speed in their development cycles.
Source: Forrester