DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports Events Over 2 million developers have joined DZone. Join Today! Thanks for visiting DZone today,
Edit Profile Manage Email Subscriptions Moderation Admin Console How to Post to DZone Article Submission Guidelines
View Profile
Sign Out
Refcards
Trend Reports
Events
Zones
Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
  1. DZone
  2. Testing, Deployment, and Maintenance
  3. DevOps and CI/CD
  4. New Nexus Plugin for Jenkins Pipelines

New Nexus Plugin for Jenkins Pipelines

Your organization can now have access to continuous component intelligence within your CI/CD pipelines with the latest Nexus Platform plugin for Jenkins 2.x.

Justin Young user avatar by
Justin Young
·
Apr. 27, 17 · Opinion
Like (0)
Save
Tweet
Share
12.17K Views

Join the DZone community and get the full member experience.

Join For Free

Many organizations are quickly maturing their CI/CD practices in the hopes of winning the innovation battle. But where do security and governance practices fit in? As organizations embrace DevOps, quality and security cannot become an afterthought. The good news is that many DevOps practitioners agree, as evidenced by our recent DevSecOps survey. The data shows that mature DevOps organizations are automating security practices earlier in the development process compared to less mature DevOps organizations.

According to the survey, almost half of highly mature DevOps organizations are automating security during Development and 60% are analyzing security during QA/Test. This is important because as developers increase the speed at which they consume open source components, there is a higher probability of introducing some level of risk. The amount of risk could vary from something more benign like using an older component version that does not meet quality standards to something more serious like introducing a component with a critical vulnerability, exposing customer information.

Analyzing risk levels during the build is one way to automate security practices earlier in the development pipeline and “shift security practices left.” With the latest Nexus Platform plugin for Jenkins 2.x, organizations now have access to continuous component intelligence within their CI/CD pipelines.

Screen Shot 2017-04-14 at 4.53.13 PM.png
The Application Composition Report available within Jenkins identifies components containing security vulnerabilities, license risk, and quality issues, and ranks them according to their threat level. With this information, release engineers have visibility into the amount of risk within an application and can determine the best actions to take. For example, a policy waiver may be warranted if a developer is using the only secure version of a component which happens to violate an architectural age policy, while failing a build may be warranted if an application being released to production contains a critical security violation.

Screen Shot 2017-04-14 at 4.54.07 PM.png

So, how exactly does the integration work? Well, complex build processes written for Jenkins munge open source and proprietary libraries into one or many different deliverables which can be viewed as different “applications” from a Nexus perspective, and should therefore be scanned independently to evaluate different policies. Depending on the outcome of a policy evaluation, the pipeline logic can either continue, halt, or start an entirely new workflow in parallel to other build tasks to remediate the issue. The new Jenkins pipeline plugin programmatically invokes policy evaluations and returns the results in a machine readable format, automating the remediation response based on the evaluation results. With the new integration to Jenkins, Nexus policy evaluations work in concert with pipeline build behaviors to ensure only the best components are being used in production apps.

For organizations seeking to innovate faster, think about how you can shift your automated security practices left. Empower developers to use only the best components from the very beginning and catch security, license, and quality issues early in the development lifecycle. With the new integration to Jenkins pipelines, Nexus users have a DevOps native solution to meet their need for speed.

To learn more about our Jenkins integration and 30 others we introduced this week, please visit the Nexus Exchange.  We also invite you to join Sonatype’s webinar on May 10th discussing new integrations available in the Nexus Exchange.

Jenkins (software) Nexus (standard) Pipeline (software) security Open source Continuous Integration/Deployment

Published at DZone with permission of Justin Young. See the original article here.

Opinions expressed by DZone contributors are their own.

Popular on DZone

  • Web Application Architecture: The Latest Guide
  • The Future of Cloud Engineering Evolves
  • How To Generate Code Coverage Report Using JaCoCo-Maven Plugin
  • Kotlin Is More Fun Than Java And This Is a Big Deal

Comments

Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com
  • +1 (919) 678-0300

Let's be friends: