Sonatype Adds Cloud-Native Container and Kubernetes Security for Developers

Sonatype, the leader in developer-friendly tools for software supply chain management and security, today announced Nexus Container, powered by NeuVector. Nexus Container is a Kubernetes-native, full life cycle container security solution that secures containerized applications from development to production.

Nexus Container enables Sonatype customers to continuously scan for security vulnerabilities and compliance misconfigurations from build to ship to run, and can keep these vulnerable images from deploying with admission controls. It is also the only solution to offer behavior-based run-time incident detection and inspection, allowing for the identification of any and all network traffic at application Layer 7 and every container process in order to automatically create behavior-based security policies. It also provides Deep Packet Inspection (DPI) to implement Data Loss Protection (DLP), and prevent zero-day malware and network attacks.

“In today’s cloud-native world, developers are increasingly packaging and delivering applications in the form of containers running in public, hybrid, and private cloud operating environments,” said Wayne Jackson, CEO of Sonatype.  “We’re proud to offer Nexus Container running on AWS, Azure, and Google Cloud Platform and supporting all cloud-native frameworks from day one. Its capabilities leap frog all other solutions on the market with deeper, smarter, and more accurate container insights.”

“NeuVector and Sonatype share a common vision of the importance of comprehensive data protection in container environments,” said Stephanie Fohn, CEO, NeuVector. “As enterprise adoption of cloud-native frameworks accelerates, security must be a priority. We’re excited to extend our partnership and power Nexus Container to ensure automated security and compliance at every stage of the software development lifecycle.”

Sonatype unveiled Nexus Container as part of its next generation Nexus platform offering customers full spectrum control of the cloud-native software development lifecycle including: third-party open source code, first-party source code, infrastructure as code (IaC), and containerized code.