Integrate Sonatype Nexus with Armory Spinnaker
Along with being an artifact repository, Sonatype Nexus can scan every dependency uploaded to it. Those scan reports can be passed to Spinnaker to help automate the decision on whether an application should be promoted, or deployed at all. Sometimes it takes a while for an application to reach production, and security is not static: the picture changes all the time. An application may have no known issues when it is built, yet by the time it is deployed a new vulnerability may have been found in one of its dependencies.
How the Integration Works:
Use the Spinnaker Sonatype Nexus stage after your application is built to decide whether the pipeline should proceed. The stage either continues the pipeline or stops it based on criteria you configure. If a new vulnerability is found, the pipeline stops with a message stating that the application needs to be fixed before it can move on.
Some decision examples include:
- No new vulnerabilities have been added to the application
- No vulnerabilities are in the application
This surfaces Sonatype Nexus reports directly inside Spinnaker. Many developers spend more time in their CI/CD tools than in security tools, so this gives them more insight into the security of the things they are building, at the point where they are already working.
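The gate logic behind those two decisions, as an added example that is not Armory's or Sonatype's code and not the stage itself: a script a Run Job stage could execute with two scan reports, the baseline (the build-time scan or the last promoted build) and the current scan, exiting non-zero to stop the pipeline. The report layout (a JSON list of findings with `component`, `vuln_id` and `severity` fields), the policy names `no-new` and `none`, and the optional severity floor are assumptions for this example; map them onto whatever your Nexus report and stage configuration actually provide.

```python
"""Pipeline gate over two dependency scan reports (added example, not vendor code).

Assumed (not taken from the page): each report is a JSON list of findings shaped
like {"component": "...", "vuln_id": "...", "severity": "LOW|MEDIUM|HIGH|CRITICAL"}.
Policies:
  no-new : stop if the current scan has findings absent from the baseline
           (catches vulnerabilities published between build and deploy)
  none   : stop if the current scan has any findings at all
"""
import argparse
import json
import sys
from typing import Iterable

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def finding_key(finding: dict) -> tuple:
    """A finding is identified by the affected component plus the vulnerability id."""
    return (finding["component"], finding["vuln_id"])


def at_or_above(findings: Iterable[dict], min_severity: str) -> list:
    """Keep only findings whose severity meets the configured floor."""
    floor = SEVERITY_RANK[min_severity.upper()]
    return [f for f in findings if SEVERITY_RANK.get(f["severity"].upper(), 0) >= floor]


def new_findings(baseline: list, current: list) -> list:
    """Findings present in the current scan but not in the baseline scan."""
    known = {finding_key(f) for f in baseline}
    return [f for f in current if finding_key(f) not in known]


def evaluate_gate(policy: str, baseline: list, current: list,
                  min_severity: str = "LOW") -> dict:
    """Return {"proceed": bool, "blocking": [...], "message": str} for the stage."""
    current = at_or_above(current, min_severity)
    if policy == "no-new":
        blocking = new_findings(baseline, current)
    elif policy == "none":
        blocking = list(current)
    else:
        raise ValueError(f"unknown policy: {policy}")
    if blocking:
        ids = ", ".join(f"{f['vuln_id']} in {f['component']}" for f in blocking)
        return {"proceed": False, "blocking": blocking,
                "message": f"Pipeline stopped (policy {policy}): fix before promoting: {ids}"}
    return {"proceed": True, "blocking": [],
            "message": f"Gate '{policy}' passed: no blocking findings at or above {min_severity}"}


# Constructed sample reports (placeholder ids, not real advisories): the build-time
# scan and a deploy-time rescan in which two new findings have appeared.
BASELINE_REPORT = [
    {"component": "pkg:maven/example/lib-a@1.0", "vuln_id": "EXAMPLE-0001", "severity": "MEDIUM"},
]
CURRENT_REPORT = BASELINE_REPORT + [
    {"component": "pkg:maven/example/lib-b@2.3", "vuln_id": "EXAMPLE-0002", "severity": "HIGH"},
    {"component": "pkg:maven/example/lib-c@0.9", "vuln_id": "EXAMPLE-0003", "severity": "LOW"},
]


def main(argv: list) -> int:
    """CLI entry point for a Run Job stage: exit 0 to continue, 1 to stop."""
    parser = argparse.ArgumentParser(description="Gate a pipeline on dependency scan results")
    parser.add_argument("--policy", choices=["no-new", "none"], default="no-new")
    parser.add_argument("--baseline", help="baseline report JSON (omit to use the sample)")
    parser.add_argument("--current", help="current report JSON (omit to use the sample)")
    parser.add_argument("--min-severity", default="LOW", choices=list(SEVERITY_RANK))
    args = parser.parse_args(argv)
    baseline = json.load(open(args.baseline)) if args.baseline else BASELINE_REPORT
    current = json.load(open(args.current)) if args.current else CURRENT_REPORT
    result = evaluate_gate(args.policy, baseline, current, args.min_severity)
    print(result["message"])
    return 0 if result["proceed"] else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run without arguments to see the sample stop the pipeline under `no-new`; with `--min-severity HIGH` only the HIGH finding blocks, and with identical baseline and current reports the gate passes. The key design point is that the baseline is the scan of the same build at an earlier time, which is exactly how a vulnerability published between build and deploy becomes a "new" finding rather than a silently accepted one.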
- Ship software faster with less risk.
- Fully align Dev, Sec, and Ops teams.
- Infuse automated governance into every phase of your Spinnaker pipeline.
This feature currently exists as an Armory experiment in the form of a Run Job or webhook stage. Our Professional Services Team is happy to help customers implement the solution.
If you're interested in a native integration, contact us! We'd love to hear your feedback and use case.