Hi everyone!
We’re excited to let you know that the Technical Content team has released a brand new technical guide, "Why Policy?"
We’re often asked by customers and employees alike why we built Nexus Lifecycle as a policy engine. Wouldn’t it be simpler to just scan for security violations? It would, but it would be less useful than a comprehensive risk management tool like Lifecycle.
Understanding which open source components you’re using and the risk from those components, and determining an acceptable level of risk for your organization, are vital to building a reliable software development process. Nexus Lifecycle makes risk management simple by allowing your organization to define and automatically enforce specific policies for open source components. This approach is flexible enough to fit in any software development process, is scalable, and empowers developers to make decisions about components.
Questions or thoughts? We’d love to hear from you below!