Sonatype Open Source Vulnerability, Governance and Security
Many Open Source libraries from sources such as Maven and NPM have security vulnerabilities. Sonatype’s Nexus platform prevents these risks through automated governance in your CI/CD pipeline and by providing developers with up-to-date information about the libraries they are using early in the development process.
Features
- Advanced Binary Fingerprinting precisely identifies actual security defects.
- Rapidly fix real bugs with step-by-step instructions.
- Detailed information about security concerns right within developers' IDEs
- Release managers can control which libraries are used via policies
Benefits
- Leverage highest quality open source components
- Reduce bugs and security breaches
- Automatically identify open source risk
- Release faster and with less risk
- Introduce governance into your open source library choices
- Automated governance for every phase of your CI/CD pipeline
- Give developers the information needed to make informed choices
Pricing
£175 a unit an hour
Framework
G-Cloud 13
Service ID
254737016839973
Contact
BDQ
Dominic Bush
Telephone: +44 (0)844 8265 236
Email: enquiries@bdq.cloud
Planning
- Planning service
- Yes
- How the planning service works
- As a Sonatype partner, BDQ provides licenses, consultancy and support for Sonatype's products. We provide implementation, training and configuration services, so that you can get the very best from Sonatype.
- Planning service works with specific services
- Yes
- Hosting or software services the planning service works with
- Sonatype
Training
- Training service provided
- Yes
- How the training service works
- As part of a Sonatype implementation we deliver a package of training to ensure that users from Dev and Ops can get up and running quickly.
- Training is tied to specific services
- Yes
- Services the training service works with
- Sonatype
Setup and migration
- Setup or migration service available
- Yes
- How the setup or migration service works
- We can provide services to support users migrating from other SDLC products.
- Setup or migration service is for specific cloud services
- Yes
- List of supported services
- Sonatype
Quality assurance and performance testing
- Quality assurance and performance testing service
- Yes
- How the quality assurance and performance testing works
- Sonatype's Nexus platform puts automated governance into your CI/CD pipeline, identifying vulnerabilities in Open Source libraries from repositories such as Maven and NPM. It provides developers with the most up-to-date information about the libraries they are using and, by having this information early in the development lifecycle, risky code can be avoided.
Security testing
- Security services
- Yes
- Security services type
- Security risk management
- Security testing
- Certified security testers
- No
Ongoing support
- Ongoing support service
- Yes
- Types of service supported
- Hosting or software provided by a third-party organisation
- How the support service works
- We provide first line support of Sonatype's products to ensure that your development organisation gets up and running successfully with the Nexus platform.
Service scope
- Service constraints
- In order for the service to operate correctly, Sonatype's software must be configured following their best practice recommendations. BDQ will work with your IT and Development teams to ensure that this configuration proceeds smoothly.
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Monday - Friday 9am - 5pm. Our response time is between 4 hours and 2 days depending on the severity of the issue. Out of hours support is available at additional cost.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- Web chat support is available via Microsoft Teams or Zoom.
- Web chat accessibility testing
- None.
- Support levels
- We provide on-demand support to customers requiring assistance, via Cloud Support Engineers and Technical Account Managers. Please see our pricing document for more detail about the costs associated with our different levels of support.
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- Sonatype
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Social Value
- Wellbeing
BDQ operates a modern, inclusive set of working practices, providing a supportive working environment that takes account of the needs of individual employees, whether they might require flexible hours, mentoring and support, or even company loans to assist with relocations etc. Pay rises are awarded annually at or above inflation to ensure pay keeps pace with the cost of living, and the annual review process is also used to seek opportunities to provide additional help and support to employees.
Many of the Cloud-based services we resell and support have extensive collaboration features, providing various communication channels to promote productivity and flexible working. BDQ staff use many of these services in their day-to-day work, ensuring adoption across the organisation and familiarity with the services to better promote best practices with customers.
The use of these collaboration tools supports flexible working and work from home policies and maintains the social interaction of the office, despite disparate working locations, that is so essential to mental health and wellbeing. These benefits are felt among BDQ staff and the staff of our customers, and in the interactions between them.
Training, including the opportunity to achieve certifications and accreditations in the services, is provided to all staff, and the benefit of this knowledge is transferred to customers' own staff through the various training courses and workshops that BDQ provides.
Retrospectives are carried out at the end of each major assignment to seek internal feedback and learn lessons, giving employees a stake in how the business is run. These sessions improve not only BDQ’s internal processes and procedures, but may also lead to significant business decisions, such as a recent Board decision to offer additional discounts to charities seeking our services.
Together, these practices promote a collaborative, consultative working culture within and between BDQ and our customers.
Pricing
- Price
- £175 a unit an hour
- Discount for educational organisations
- No