Sonatype brings software security tools to AWS Marketplace
Sonatype has announced that its Software Bill of Materials (SBOM) Manager and Nexus Repository are now available through the AWS Marketplace. This development will enable Amazon Web Services (AWS) customers to access Sonatype's comprehensive software supply chain security solutions through AWS's digital catalogue.
Sonatype's platform encompasses several key features. Among these are the Sonatype Firewall Repository's open-source malware protection and Sonatype Lifecycle's software composition analysis solution. According to the company, integrating these products within the AWS Marketplace will simplify the process for customers to purchase and manage the full suite of Sonatype's offerings within their AWS accounts.
The suite offers robust management of open-source components and associated risks throughout the software development lifecycle (SDLC). The benefits highlighted include eliminating uncertainties in SBOM collection, monitoring, and compliance, automatic blocking of malicious code and open-source malware, streamlined policy enforcement, improved incident response times, and accelerated software delivery processes.
Mitchell Johnson, Chief Product Development Officer at Sonatype, said, "In today's world, where enterprise software is constituted of more than 85% open source, and secure development regulations are increasing, organisations need a trusted partner like Sonatype to empower their developers to innovate, securely at lightning speed."
"With Sonatype's full platform and suite of solutions available in AWS Marketplace, we're making it easier than ever for businesses to harness the power of open source and fortify their software supply chains against risk, all powered by Sonatype's unrivalled open source data and security research."
According to the press release, organisations using Sonatype's platform via AWS Marketplace can expect "26x faster identification and remediation of open source software (OSS) components." Additional reported benefits include a 70% reduction in exploitability windows from adversary attacks and a 99% decrease in developer time spent researching, securing approval, and downloading quality OSS components.
Sonatype SBOM Manager aims to streamline and automate the handling of an organisation's first and third-party SBOMs. This includes requesting, auditing, distributing, and monitoring SBOMs, enabling companies to stay updated with emerging software security regulations.
Furthermore, Sonatype's Nexus Repository is designed to allow software development teams to efficiently scale and manage components, binaries, and build artefacts across their entire software supply chain. According to Sonatype, this repository integrates natively with all popular package managers, facilitating faster and more reliable development pipelines.
The Sonatype platform also features an artificial intelligence (AI)-powered Repository Firewall that blocks over 2,100 malicious components monthly. This functionality helps prevent malware from infiltrating the software supply chain and affecting downstream systems.
Additionally, Sonatype's deep insights into open-source vulnerabilities enable precise risk mitigation. Such capabilities are said to provide organisations with better control over software dependencies, offering a more secure and reliable foundation for application development.
Sonatype claims that its proprietary data, sourced from analysing hundreds of millions of open-source components, affords it a distinct advantage in delivering accurate and comprehensive software supply chain security solutions. This empowers organisations to innovate confidently and rapidly without the associated risks of open-source software.