Ranger4 DevOps Blog

Sonatype Release New Capabilities That Represent the World’s First Definitive Database and Coordinate System Capable of Precisely Identifying JavaScript Components and Versions

Posted by Steve Green on Wed, Oct 19, 2016 @ 14:10 PM

Ranger4 partner, Sonatype, the leader in software supply chain automation, yesterday unveiled an updated version of the Nexus platform that provides modern development organizations with unmatched, precise intelligence about npm and JavaScript components so they can continuously deliver higher quality software through DevOps automation and scale.

In direct response to market demand for DevOps-native tooling, Sonatype has delivered the world’s first and only coordinate system that is capable of precisely identifying all JavaScript contained in the npm, Central, and NuGet repositories. This enormous engineering effort was accomplished by mapping 43 million unstructured files and roughly 6 million unique JavaScript components into a single, definitive database that identifies names, versions, vulnerabilities, licenses, and code modifications associated with JavaScript components.

To understand the depth of this achievement consider the example of jQuery, the most popular JavaScript library that has been embedded, modified, and renamed in 72,000 npm packages.  In years past, due to the unstructured nature of the JavaScript ecosystem, development teams lacked the ability to quickly and reliably identify specific versions of jQuery to even know if a npm package was healthy or vulnerable. However, beginning today, organizations can use the Nexus platform to further automate and scale Continuous Delivery and DevOps practices and ensure that mission critical software consists of the highest quality JavaScript components.

“Organizations take the first steps toward releasing applications faster when they recognize two things: They cannot continue the way they work today; and with the right practices, faster releases are actually less risky,” wrote analysts Kurt Bittner, Diego Lo Giudice, and Amy DeMartine in the March 2016 Forrester report entitled Boost Application Delivery Speed And Quality With Agile DevOps Practices.  “Evaluating and approving standard components helps organizations streamline their software supply chains, improve quality, and reduce risk and cost.”

“Scaling a modern software supply chain requires deep intelligence that is precise enough to automatically weed out vulnerable, outdated, and defective open source components and packages,” said Wayne Jackson, CEO, Sonatype.  “Our customers operate in a polyglot world and that’s why we’re continuously investing to deliver the world’s best component intelligence not just for Java, but for JavaScript, .NET, RubyGems, PyPI, and other formats as well.”

Exciting times! If you want to know how to build security into your devops toolchain, get in touch at hello@ranger4.com. Stay DevOpstastic.

Topics: Security, Rugged DevOps, DevSecOps, Sonatype