Sonatype Lift

Sonatype Lift enables developers to build better, risk-free software. It integrates directly into your Azure DevOps pipelines, automatically surfacing information to help you find and fix security, licensing and architecture issues within your open source packages. It is backed by Sonatype’s industry-leading data and draws on over a decade of experience across multiple industries, giving you the best possible remediation advice. You never again have to worry whether your applications are secure, compliant, or using the best components.

Features and Benefits

A native experience in Azure DevOps - As a developer, you get all of the information and tools you need to build secure, quality applications without having to leave Azure DevOps.

The industry’s best data - Sonatype Lift delivers a universal and timely understanding of open source security risk, license obligations, and architectural issues related to your code. As opposed to public databases like NVD that provide a relatively small and typically outdated view of open source vulnerabilities, Sonatype has ingested and analyzed more than 96 million components, using artificial intelligence and machine learning to dynamically monitor every GitHub commit to open source projects, all of the advisory websites, as well as Google search alerts, OSS Index, and a plethora of vulnerability sites. It’s about more than just AI and ML. New vulnerabilities are regularly discovered and hand-curated by our team of 65 data researchers and added to our proprietary knowledge base.

Expert remediation guidance - When new vulnerabilities are disclosed, our world-class security research team immediately validates the exploit path, identifies the root cause, and delivers actionable information so you can rapidly remediate risk and keep your organization safe. Take a deep dive into Sonatype research.

Robust out-of-the-box policy - Sonatype has over a decade of experience working with the top development teams across all industries. We’ve taken that experience and used it to define policies that represent the best practices for managing open source components. We’ve done all that heavy lifting for you, so you and your team don’t need to be legal or security experts. Your new policy engine helps you prioritize security, architecture and legal risk, helping your teams understand the most pressing issues to address. If you decide after investigation that a policy violation is not relevant, you can use the waiver functionality to ignore it in future builds.

Pricing

After a 30-day trial, the cost is $900 per Application per Year for Sonatype Lift. Sonatype Lift is priced per application. Application-based pricing is easier to calculate, and it means you can onboard your whole team (unlimited users) without having to purchase more seats.

How is an application determined?