Sonatype has teamed up with NeuVector to centralize container and open source security. The two companies announced a new integration that aims to provide a comprehensive view of all Kubernetes and container open source risk in one place.
Users will benefit from NeuVector’s container vulnerability scanning being integrated directly into Sonatype’s Nexus Lifecycle. They will be able to use Nexus Lifecycle’s policy engine to set detailed parameters to generate a complete software bill of materials, with a single view of any associated risk.
By integrating these complementary technologies, DevOps teams are better equipped to view security risks at a glance, introduce security policy as code, leverage virtual patching, and safeguard production workloads.
Further, the integration enables accurate identification of application-level vulnerabilities, with detailed remediation guidance, and virtual patching to protect production workloads that contain vulnerabilities.
The use of Kubernetes and containers has skyrocketed in recent years. But, as pointed out in NeuVector’s Ultimate Guide to Kubernetes Security, Kubernetes and containers are just as vulnerable to attacks and exploits from hackers and insiders as traditional environments, making streamlined security critical to all enterprises.