BDQ

Sonatype Open Source Vulnerability, Governance and Security

Many Open Source libraries from sources such as Maven and NPM have security vulnerabilities. Sonatype’s Nexus platform prevents these risks through automated governance in your CI/CD pipeline and providing developers with up-to-date information about the libraries they are using early in the development process.

Features

• Advanced Binary Fingerprinting precisely identifies actual security defects.
• Rapidly fix real bugs with step-by-step instructions.
• Detailed information about security concerns right within developers IDEs
• Release managers can control which libraries are used via policies

Benefits

• Leverage highest quality open source components
• Reduce bugs and security breaches
• Automatically identify open source risk
• Release faster and with less risk
• Introduce governance into your open source library choices
• Automated governance for every phase of your CI/CD pipeline
• Give developers the information needed to make informed choices

£160 a unit an hour

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@bdq.cloud. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

207580185656795

Contact

Dominic Bush
+44 (0)844 8265 236
enquiries@bdq.cloud

Planning

• Planning service: Yes
• How the planning service works: As a Sonatype partner, BDQ provides licenses, consultancy and support for Sonatype's products. We provide implementation, training and configuration servies, so that you can get the very best from Sonatype.
• Planning service works with specific services: Yes
• Hosting or software services the planning service works with: Sonatype

Training

• Training service provided: Yes
• How the training service works: As part of a Sonatype implementation we deliver a package of training to ensure that users from Dev and Ops can get up and running quickly.
• Training is tied to specific services: Yes
• Services the training service works with: Sonatype

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: We can provide services to support users migrating from other SDLC products.
• Setup or migration service is for specific cloud services: Yes
• List of supported services: Sonatype

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: Sonatype's Nexus platform puts automated governance into your CI/CD pipeline, identifying vulnerabilities in Open Source libraries from repositories such as Maven and NPM. It provides developers with the most up to date information about the libraries they are using and, by having this information early in the development lifecycle, risky code can be avoided.

Security testing

• Security services: Yes
• Security services type:
  • Security risk management
  • Security testing
• Certified security testers: No

Ongoing support

• Ongoing support service: Yes
• Types of service supported: Hosting or software provided by a third-party organisation
• How the support service works: We provide first line support of Sonatype's products to ensure that your development organisation gets up and running successfully with the Nexus platform.

Service scope

• Service constraints: In order for the service to operate correctly, Sonatype's software must be configured following their best practice recommendations. BDQ will work with your IT and Development teams to ensure that this configuration proceeds smoothly.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Monday - Friday 9am - 5pm. Our response time is between 4 hours and 2 days depending on the severity of the issue. Out of hours support is available at additional cost.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Web chat support is available via Microsoft Teams or Zoom.
• Web chat accessibility testing: None.
• Support levels: We provide on-demand support to customers requiring assistance, via Cloud Support Engineers and Technical Account Managers. Please see our pricing document for more detail about the costs associated with our different levels of support.

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Sonatype

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Social Value

• Social Value:

  Social Value

  Wellbeing

  Wellbeing

  Improve Health and Wellbeing; At BDQ, we believe that the health and well-being of our community is paramount. Our commitment to this principle is reflected in our innovative cloud solutions that empower companies to collaborate more effectively, regardless of geographical barriers. By facilitating seamless communication and data sharing, we enable organizations to focus on what truly matters—nurturing the health and wellness of their teams.; ; Our virtual office model not only reduces environmental impact but also supports the mental and physical health of our team by eliminating commutes and allowing for flexible work arrangements. This approach empowers our employees to maintain a work-life balance, leading to reduced stress.; ; Our services are designed to minimize the stress of technical challenges for our clients. Through our cloud-based platforms, we provide the tools for companies to implement flexible working arrangements, promote wellness programs, and foster a culture of support and inclusivity.; ; We understand that a healthy work environment is foundational to personal and communal well-being. Together, we can build a more resilient and compassionate world where technology serves as a bridge to a healthier future for all.

Pricing

• Price: £160 a unit an hour
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@bdq.cloud. Tell them what format you need. It will help if you say what assistive technology you use.