Sonatype Maps the JavaScript Genome for DevOps

Sonatype has mapped out the JavaScript genome to help organizations with high-velocity, automated development practices.

Sonatype, a provider of software supply-chain automation solutions, claims to have mapped the JavaScript genome to help organizations build better software in the fast-paced world of Agile development and DevOps.

Earlier this week, Sonatype delivered a new version of its Nexus platform that provides development organizations with intelligence about the quality of npm and JavaScript components so they can deliver higher quality software through DevOps automation. npm is the default package manager for the JavaScript runtime environment Node.js.

"In direct response to market demand for DevOps-native tooling, Sonatype has delivered the world's first and only coordinate system that is capable of precisely identifying all JavaScript contained in the npm, Central, and NuGet repositories," Jeff Wayman, director of product marketing at Sonatype, said in a blog post. "This enormous engineering effort was accomplished by mapping tens of millions of unstructured files and components into a single, definitive database that identifies names, versions, vulnerabilities, licenses and code modifications associated with JavaScript components. In essence, we mapped the JavaScript genome."

Sonatype accomplished this engineering feat by mapping 43 million unstructured files and six million unique JavaScript components into a single database that identifies names, versions, vulnerabilities, licenses and code modifications associated with JavaScript components, Wayman said. Moreover, Sonatype's new automated approach to "mapping the JavaScript genome" can help organizations to cut downtime to 15 seconds and enables developers to precisely identify the exact components with vulnerabilities, he added.

"Scaling a modern software supply chain requires deep intelligence that is precise enough to automatically weed out vulnerable, outdated and defective open-source components and packages," Wayne Jackson, CEO of Sonatype, said in a statement. "Our customers operate in a polyglot world and that's why we're continuously investing to deliver the world's best component intelligence, not just for Java, but for JavaScript, .NET, RubyGems, PyPI and other formats as well."

According to Wayman, Sonatype calls its genome mapping approach "Advanced Binary Fingerprinting," and it will enable organizations to:

  • spur innovation by enabling teams to identify the highest quality open-source components;
  • scale fast with component intelligence that is precise enough to enable automation at every phase of the software lifecycle; and
  • control component use with flexible policies that can promote granular decision support across varying teams, languages and application profiles.

Sonatype's contribution to the JavaScript ecosystem comes the same week that the Linux Foundation introduced the JS Foundation as a Linux Foundation Project. The JS Foundation's goal is to serve as the center of gravity for the open-source JavaScript ecosystem. The foundation also introduced a mentorship program to encourage collaboration throughout the JavaScript community.

Dylan Schiemann, CEO of SitePen, said the JS Foundation is the official name for "the rebranded and re-launched merging of the jQuery Foundation and the Dojo Foundation." Schiemann added that "The JS Foundation has a simple yet powerful mission: to support JavaScript projects in an open, accessible and sustainable manner to help projects succeed and to thrive."

The JS Foundation is a member-supported organization; founding members include Bocoup, IBM, Ripple, Samsung, Sauce Labs, Sense Tecnic Systems, SitePen, StackPath, University of Westminster and WebsiteSetup. Initial projects for the mentorship program include Appium, Interledger.js, JerryScript, Mocha, Moment.js, Node-RED and webpack.