Fulton, MD – February 6, 2019 – Today, Sonatype, the leader in automated open source governance, released a new version of its Nexus Lifecycle product giving Python development teams a simple way to manage PyPI packages and eliminate potential security risk lurking within third-party dependencies.
The use and availability of Python packages continue to grow exponentially as data scientists and developers begin to choose the language over R. Sonatype’s 2018 State of the Software Supply Chain reported that downloads from the PyPI repository grew significantly in 2017, averaging between 4.3 and 4.7 billion per month — or 52 billion on an annualized basis. However, as the language increases in popularity, the potential for vulnerabilities within development and production applications grows with it. Sonatype researchers found that approximately 11% of PyPI packages have at least one known vulnerability.
This new Nexus Lifecycle capability enables Python development teams and application security professionals to write policy so they can:
Automatically and contextually enforce policies across the entire SDLC and ensure that Python applications contain only secure packages.
Continuously visualize package intelligence within popular tools including Jenkins, Bamboo, and Maven plugins.
Assess your own application for open source vulnerabilities within seconds.
More than 10 million software developers rely on Sonatype to innovate faster while mitigating security risks inherent in open source. Sonatype’s Nexus platform combines in-depth component intelligence with real-time remediation guidance to automate and scale open source governance across every stage of the modern DevOps pipeline. Sonatype is privately held with investments from TPG, Goldman Sachs, Accel Partners, and Hummer Winblad Venture Partners. Learn more at www.sonatype.com.