Case Study: INAIL achieves pre-production open-source vulnerability protection and safer releases with Sonatype

A Sonatype Case Study

Preview of the INAIL Case Study

INAIL manages over 20,000,000 insured people and over 600,000 accidents/year

INAIL, Italy’s national institute for insurance against workplace injuries, serves about 20 million insured people and handles some 600,000 accidents a year. The organization needed to catalog its open source components, detect vulnerabilities before production, and integrate staging logic with an external Docker registry for OpenShift, while ensuring strict privacy and security of policyholder data across releases.

INAIL implemented automated checks in the release verification and validation process using the Sonatype platform (Nexus Lifecycle, Firewall, Repository Manager and IQ Server), installed Nexus OSS, configured Maven and Docker registries and introduced staging workflows. A support team now extracts Bills of Materials, analyzes and manages vulnerabilities per policy and prepares applications for penetration testing—resulting in reduced risk from vulnerable components, active developer involvement in secure releases, and validated libraries before production.



INAIL

Adele Gambacorta

Head of Software Production Process

