Case Study: Endress+Hauser achieves automated open-source component tracking and reduced critical vulnerabilities with Sonatype Nexus Lifecycle

A Sonatype Case Study

Preview of the Endress+Hauser Case Study

Instrumentation and process automation software leverages the Nexus Platform

Endress+Hauser, a Swiss instrumentation and process automation company with operations in dozens of countries, faced uncontrolled use of open-source libraries across its in-house applications. The development team had no tracking or monitoring of component consumption, relied on a manual process that couldn’t scale, and risked critical findings making it into production.

After evaluating Black Duck, Veracode and Sonatype Nexus Lifecycle, the team chose Nexus Lifecycle for its usability and low false-positive rate; a successful proof of concept led to approval. Nexus now automatically tracks and monitors components in development and production, provides company-wide visibility into library versions, and is being integrated into the security pipeline to prevent critical issues from reaching production.



Endress+Hauser

Lars Brobler

Senior Software Developer

