Partners in protection: why Adaptavist has teamed up with Sonatype

We’re excited to announce our strategic partnership with Sonatype, offering security solutions that accelerate your development lifecycle.

In an age of highly distributed development, open source is the innovative choice to remain agile and ensure best-practice adoption. But it’s not without its fragilities – and security remains a concern.

At Adaptavist, we’re on a mission to help organisations build secure innovations at speed and scale – from the best tools and processes to staying on top of compliance. That’s why we’re proud to be a Sonatype Platinum Enterprise Partner, to share the Nexus platform and help you develop, and deliver, securely.

Wide open to security breaches

Last year 24 percent of developers confirmed or suspected a security breach tied to open source. And with 21,000 new releases happening every day, manually managing usage is not a viable option. Luckily, the software industry is shifting left with DevSecOps, where security processes are becoming more automated and being handled directly by the development team. This, in turn, is speeding up deployment, supporting the rapid-release cycles now common across the industry.

At the forefront of the shift is Sonatype and the Nexus platform, which enables DevOps teams to automatically integrate security at every stage of the pipeline. Sonatype has been paving the way in software supply chain automation technology. It’s already trusted by 1,200 enterprise customers and 10 million software developers worldwide. Now, as a Platinum Enterprise Partner, Adaptavist can offer customers the power of Nexus’s security features, accelerating your go-to-market plans.

A seamless, secure experience

Integration is at Nexus’s core. It works seamlessly with GitHub, GitLab and Bitbucket (server and cloud), boosting automation, and combines in-depth component intelligence and real-time remediation guidance. Thanks to our partnership, developers will be able to bring information from Jira into the same SCM and IDE, generating automatic tickets and triaging open-source policy violations in sync with their daily workflow.

At Adaptavist, we know pressure on businesses to accelerate their digital transformation journey is at an all-time high, so it’s vital that software development can happen at pace, while maintaining iron-clad security. ‘Our strategic partnership with Sonatype will further strengthen our DevOps expertise,’ said Adaptavist CEO Simon Haighton-Williams, ‘while allowing us to offer customers greater confidence in delivering software, not only faster but more securely.’

Beyond public data sources

The Nexus platform is powered by Nexus Intelligence – a powerful database that delivers a universal and timely understanding of open-source security, licence, and architectural risk. It identifies 70 percent more vulnerabilities than alternative public databases, analysing more than 100 million components.

‘Nexus Intelligence dynamically monitors dozens of ecosystems like GitHub commit, every open source project, advisory websites, Google search alerts, OSS Index, and a plethora of vulnerability sites,’ said Wai Man Yau, General Manager International at Sonatype. ‘And it never stops learning.’

Secure your software supply chain

Our integrated service offering includes strategic guidance, assessments, and quick-starts to get you up and running with Nexus, and multi-year transformations to bring you onboard. No matter where you are in your DevSecOps journey, we can help.
