Sonatype, the company that scales DevOps through open source governance and software supply chain automation, and NeuVector, the leader in full lifecycle container security, announced a new integration that provides a comprehensive view of all Kubernetes and Container open source risk in one place.
The use of Kubernetes and Containers has skyrocketed in recent years. According to Red Hat’s 2020 edition of The State of Enterprise Open Source report, 56% of organizations polled said they expected their use of containers to increase in the next 12 months. Similarly, a 2019 CNCF report saw that more than 50% of companies are running 250 or more containers. But, as pointed out in NeuVector’s Ultimate Guide to Kubernetes Security, Kubernetes and Containers are just as vulnerable to attacks and exploits from hackers and insiders as traditional environments, making streamlined security critical to all enterprises.
With NeuVector’s container vulnerability scanning integrated directly into Sonatype’s Nexus Lifecycle, users will be able to use Nexus Lifecycle’s unrivaled policy engine to set detailed parameters to generate a complete software bill of materials, with a single view of any associated risk. This integration further enables accurate identification and detailed remediation guidance for application-level vulnerabilities and virtual patching to protect production workloads that contain vulnerabilities.
“As container security becomes mission critical to DevSecOps, it’s vital that organizations aren’t just “checking-the-box” within an SCA solution. Customers need a holistic approach to analyze, monitor and track the contents and runtime configurations of their containers to realize risk,” said Brian Fox, CTO and Co-founder of Sonatype. “This is why we are partnering with NeuVector and bringing its best-in-class capabilities to our customers. Combined with Nexus Lifecycle’s policy engine, we will be providing one of the most robust, sustainable, and scalable solutions for containers.”
“End-to-end container threat visibility and protection is vital to defending enterprises’ micro-perimeters from increasingly sophisticated attacks and to ensure regulatory compliance,” said Gary Duan, CTO, NeuVector. “We’re excited to partner with Sonatype and to pair NeuVector with their award-winning Nexus platform. By integrating these complementary technologies, DevOps teams are better equipped to comprehensively view security risks at-a-glance, introduce security policy as code, leverage virtual patching, and safeguard production workloads.”
- Watch this demo to learn more about how to integrate NeuVector with Nexus
- Read more about how Sonatype is automating container security with NeuVector
Sonatype is the leader in software supply chain automation technology with more than 350 employees, over 1,200 enterprise customers, and is trusted by more than 10 million software developers. Sonatype’s Nexus platform enables DevOps teams and developers to automatically integrate security at every stage of the modern development pipeline by combining in-depth component intelligence with real-time remediation guidance. For more information, please visit Sonatype.com, or connect with us on Facebook, Twitter, or LinkedIn.
NeuVector, the leader in Full Lifecycle Container Security, delivers uncompromising end-to-end security for modern container infrastructures. NeuVector offers a cloud-native Kubernetes security platform with end-to-end vulnerability management, automated CI/CD pipeline security, and complete run-time security – including the industry’s only container firewall to block zero-day attacks and other threats. NeuVector customers include global leaders in financial services, healthcare, transportation, government and other industries. For customers in highly regulated industries, NeuVector simplifies compliance for PCI, GDPR, HIPAA, and other stringent data security mandates. NeuVector integrates with leading cloud platforms, CI/CD tools, and monitoring tools. Founded by industry veterans from Fortinet, VMware, and Trend Micro, NeuVector has developed patented behavioral learning for container security.