BDQ

Sonatype Open Source Vulnerability, Governance and Security

Many Open Source libraries from sources such as Maven and NPM have security vulnerabilities. Sonatype’s Nexus platform prevents these risks through automated governance in your CI/CD pipeline and providing developers with up-to-date information about the libraries they are using early in the development process.

Features

• Advanced Binary Fingerprinting precisely identifies actual security defects.
• Rapidly fix real bugs with step-by-step instructions.
• Detailed information about security concerns right within developers IDEs
• Release managers can control which libraries are used via policies

Benefits

• Leverage highest quality open source components
• Reduce bugs and security breaches
• Automatically identify open source risk
• Release faster and with less risk
• Introduce governance into your open source library choices
• Automated governance for every phase of your CI/CD pipeline
• Give developers the information needed to make informed choices

£175 a unit an hour

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@bdq.cloud. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

254737016839973

Contact

Dominic Bush
+44 (0)844 8265 236
enquiries@bdq.cloud

Planning

• Planning service: Yes
• How the planning service works: As a Sonatype partner, BDQ provides licenses, consultancy and support for Sonatype's products. We provide implementation, training and configuration servies, so that you can get the very best from Sonatype.
• Planning service works with specific services: Yes
• Hosting or software services the planning service works with: Sonatype

Training

• Training service provided: Yes
• How the training service works: As part of a Sonatype implementation we deliver a package of training to ensure that users from Dev and Ops can get up and running quickly.
• Training is tied to specific services: Yes
• Services the training service works with: Sonatype

Setup and migration

• Setup or migration service available: Yes
• How the setup or migration service works: We can provide services to support users migrating from other SDLC products.
• Setup or migration service is for specific cloud services: Yes
• List of supported services: Sonatype

Quality assurance and performance testing

• Quality assurance and performance testing service: Yes
• How the quality assurance and performance testing works: Sonatype's Nexus platform puts automated governance into your CI/CD pipeline, identifying vulnerabilities in Open Source libraries from repositories such as Maven and NPM. It provides developers with the most up to date information about the libraries they are using and, by having this information early in the development lifecycle, risky code can be avoided.

Security testing

• Security services: Yes
• Security services type:
  • Security risk management
  • Security testing
• Certified security testers: No

Ongoing support

• Ongoing support service: Yes
• Types of service supported: Hosting or software provided by a third-party organisation
• How the support service works: We provide first line support of Sonatype's products to ensure that your development organisation gets up and running successfully with the Nexus platform.

Service scope

• Service constraints: In order for the service to operate correctly, Sonatype's software must be configured following their best practice recommendations. BDQ will work with your IT and Development teams to ensure that this configuration proceeds smoothly.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Monday - Friday 9am - 5pm. Our response time is between 4 hours and 2 days depending on the severity of the issue. Out of hours support is available at additional cost.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Web chat support is available via Microsoft Teams or Zoom.
• Web chat accessibility testing: None.
• Support levels: We provide on-demand support to customers requiring assistance, via Cloud Support Engineers and Technical Account Managers. Please see our pricing document for more detail about the costs associated with our different levels of support.

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Sonatype

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Social Value

• Wellbeing:

  Wellbeing

  BDQ operates a modern, inclusive set of working practices, providing a supportive working environment that takes account of the needs of individual employees, whether they might require flexible hours, mentoring and support, or even company loans to assist with relocations etc. Pay rises are awarded annually at or above inflation to ensure pay keeps pace with the cost of living, and the annual review process is also used to seek opportunities to provide additional help and support to employees.; ; Many of the Cloud-based services we resell and support have extensive collaboration features, providing various communication channels to promote productivity and flexible working. BDQ staff use many of these services in their day-to-day work, ensuring adoption across the organisation and familiarity with the services to better promote best practices with customers.; ; The use of these collaboration tools supports flexible working and work from home policies and maintains the social interaction of the office, despite disparate working locations, that is so essential to mental health and wellbeing. These benefits are felt among BDQ staff and the staff of our customers, and in the interactions between them.; ; Training, including the opportunity to achieve certifications and accreditations in the services, is provided to all staff, and the benefit of this knowledge is transferred to customers own staff through the various training courses and workshops that BDQ provides.; ; Retrospectives are carried out at the end of each major assignment to seek internal feedback and learn lessons, giving employees a stake in how the business is run. These sessions improve not only BDQ’s internal processes and procedures, but may also lead to significant business decisions, such as a recent Board decision to offer additional discounts to charities seeking our services.; ; Together, these practices promote a collaborative, consultative working culture within and between BDQ and our customers.

Pricing

• Price: £175 a unit an hour
• Discount for educational organisations: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@bdq.cloud. Tell them what format you need. It will help if you say what assistive technology you use.