Nexus Lifecycle and Atlassian Bamboo: Improve Your Builds

Author, Derek Weeks

Sonatype Lifecycle now provides native Atlassian Bamboo support to improve the quality of your build outputs. Sonatype provides instant analysis of open source components used in every Bamboo build and alerts development teams to any quality, license, or security issues identified.  By catching the issues during CI builds, development teams can quickly address open source policy violations early and can avoid unplanned rework.

Nexus Lifecycle and Bamboo

Improve the Quality of Build Outputs

Once policies have been established in Nexus Lifecycle to watch for quality, license, or security issues associated with the open source components used during builds, build managers have continuous visibility into any component that may affect the integrity or quality of a build, early in the development lifecycle.

If you are not familiar with Nexus Lifecycle policy management, alerts, and reporting, here are some examples of what you might use continuous monitoring for:

  • Versions: Detect specific version numbers of open source components in use, helping to reduce the variability of versions in use across production applications.
  • License: Detect any artifact or dependency that uses GPL or AGPL licenses.
  • Security: Detect any artifact with a known security vulnerability with a CVSS score between 7 and 10.
  • Age/Viability: Detect any open source components that are five or more years old that may reflect use of less functional components, or those without regular updates from the open source project.
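The four example policies above, as an added illustration that is not Sonatype's own code or policy format: a small evaluator over a constructed component list, with a hypothetical `Component` record, fictional component names, scores and dates, and a constructed per-component version allow-list.

```python
from dataclasses import dataclass
from datetime import date

# Constructed component record standing in for what a CI scan reports;
# a hypothetical shape for this example, not Sonatype's data model.
@dataclass
class Component:
    name: str
    version: str
    licenses: list      # SPDX-style license ids
    max_cvss: float     # highest CVSS base score across known CVEs, 0.0 if none
    released: date      # release date of this version

COPYLEFT = {"GPL-2.0", "GPL-3.0", "AGPL-3.0"}
# Constructed allow-list: the versions a team has standardised on per component.
APPROVED_VERSIONS = {"acme-json": {"2.1.0"}}

def whole_years_since(d: date, today: date) -> int:
    """Completed years between d and today (birthday-style arithmetic)."""
    return today.year - d.year - ((today.month, today.day) < (d.month, d.day))

def evaluate(c: Component, today: date) -> list:
    """Return the names of the four policies that this component violates."""
    violations = []
    allowed = APPROVED_VERSIONS.get(c.name)
    if allowed is not None and c.version not in allowed:
        violations.append("Versions")
    if any(lic in COPYLEFT for lic in c.licenses):
        violations.append("License")
    if 7.0 <= c.max_cvss <= 10.0:
        violations.append("Security")
    if whole_years_since(c.released, today) >= 5:
        violations.append("Age/Viability")
    return violations

def evaluate_build(components, today: date) -> dict:
    """Map 'name@version' -> violations, listing only offending components."""
    report = {}
    for c in components:
        found = evaluate(c, today)
        if found:
            report[f"{c.name}@{c.version}"] = found
    return report
# Constructed sample build: fictional components, fictional scores and dates.
SAMPLE_BUILD = [
    Component("acme-json", "1.0.4", ["Apache-2.0"], 9.1, date(2009, 3, 2)),
    Component("acme-crypto", "2.3.0", ["AGPL-3.0"], 0.0, date(2014, 11, 20)),
    Component("acme-http", "5.0.1", ["MIT"], 4.3, date(2015, 1, 10)),
]
if __name__ == "__main__":
    for comp, hits in evaluate_build(SAMPLE_BUILD, date(2015, 6, 1)).items():
        print(f"{comp}: {', '.join(hits)}")  # a CI step would fail the build here
```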

Details of Policy Violations

Nexus Lifecycle is the only solution that delivers continuous visibility into build quality and integrity through Jenkins, Hudson and Bamboo.  If any issues are discovered, build managers, security professionals, and development managers have instant access to details on the artifact in question, including policy/compliance information, the popularity and age of the component, and its release history.  For example, if a security vulnerability is known to exist in a given artifact, the details of its CVE are immediately available for analysis from Nexus Lifecycle.


Monitoring Outputs from Multiple Builds

Build managers will likely use the Bamboo dashboard to monitor the status of multiple builds from a central location.  When other functional areas of the business (e.g., Application Security, Legal, Open Source Review Boards) want to keep track of multiple builds, they turn to the CLM Dashboard, which gives these users real-time visibility into policy/compliance issues.


If you are using Bamboo, Jenkins, or Hudson for continuous integration and want to further improve your visibility into the quality and integrity of your builds, feel free to reach out to us for more details.  You can watch a video demonstration (7 min) of the integration here.

Nexus integration with CI platforms is just one of the ways that we are helping development teams to improve the speed, quality and integrity of their continuous development efforts.


Derek Weeks

VP and DevOps Advocate at Sonatype
Derek is a huge advocate of applying proven supply chain management principles into DevOps practices to improve efficiencies, reduce security risks, and sustain long-lasting competitive advantages. He currently serves as vice president and DevOps advocate at Sonatype, creators of the Nexus repository manager and the global leader in solutions for software supply chain automation. Derek is a distinguished international speaker and lectures regularly on modern software development practices, continuous delivery and DevOps, and application security. He shares insights regularly across the social sphere where you can find him at @weekstweets and
