BDQ

Sonatype Open Source Vulnerability, Governance and Security

Many Open Source libraries from sources such as Maven and NPM have security vulnerabilities. Sonatype’s Nexus platform prevents these risks through automated governance in your CI/CD pipeline and by providing developers with up-to-date information about the libraries they are using early in the development process.

Features

  • Advanced Binary Fingerprinting precisely identifies actual security defects.
  • Rapidly fix real bugs with step-by-step instructions.
  • Detailed information about security concerns right within developers' IDEs.
  • Release managers can control which libraries are used via policies.

Benefits

  • Leverage highest quality open source components
  • Reduce bugs and security breaches
  • Automatically identify open source risk
  • Release faster and with less risk
  • Introduce governance into your open source library choices
  • Automated governance for every phase of your CI/CD pipeline
  • Give developers the information needed to make informed choices

Pricing

£700 a person a day

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@bdq.cloud. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

719113819663167

Contact

BDQ Dominic Bush
Telephone: +44 (0)844 8265 236
Email: enquiries@bdq.cloud

Planning

Planning service
Yes
How the planning service works
As a Sonatype partner, BDQ provides licenses, consultancy and support for Sonatype's products. We provide implementation, training and configuration services, so that you can get the very best from Sonatype.
Planning service works with specific services
Yes
Hosting or software services the planning service works with
Sonatype

Training

Training service provided
Yes
How the training service works
As part of a Sonatype implementation we deliver a package of training to ensure that users from Dev and Ops can get up and running quickly.
Training is tied to specific services
Yes
Services the training service works with
Sonatype

Setup and migration

Setup or migration service available
Yes
How the setup or migration service works
We can provide services to support users migrating from other SDLC products.
Setup or migration service is for specific cloud services
Yes
List of supported services
Sonatype

Quality assurance and performance testing

Quality assurance and performance testing service
Yes
How the quality assurance and performance testing works
Sonatype's Nexus platform puts automated governance into your CI/CD pipeline, identifying vulnerabilities in Open Source libraries from repositories such as Maven and NPM. It provides developers with the most up-to-date information about the libraries they are using and, by having this information early in the development lifecycle, risky code can be avoided.

Security testing

Security services
Yes
Security services type
  • Security risk management
  • Security testing
Certified security testers
No

Ongoing support

Ongoing support service
Yes
Types of service supported
Hosting or software provided by a third-party organisation
How the support service works
We provide first line support of Sonatype's products to ensure that your development organisation gets up and running successfully with the Nexus platform.

Service scope

Service constraints
In order for the service to operate correctly, Sonatype's software must be configured following their best practice recommendations. BDQ will work with your IT and Development teams to ensure that this configuration proceeds smoothly.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Monday - Friday 9am - 5pm. Our response time is between 4 hours and 2 days depending on the severity of the issue. Out of hours support is available at additional cost.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Support levels
We provide online service desk and telephone support. Additional levels, including a dedicated technical account manager, can be provided at additional cost.

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Sonatype

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Pricing

Price
£700 a person a day
Discount for educational organisations
No
