Skip to main content

Shifting Left

The final step in taking control of your open source risk is to make decisions about your component risk earlier in your development process. This is called shifting left. Making proactive risk decisions will allow your teams to spend less time remediating components and release safer software more quickly.


  • Make open-source risk decisions earlier in the development process.

Action Items

  • Make Intentional Upgrade Decisions

    • Data Insights - The data insights dashboard in Lifecycle provides information on your component choices and architecture.

  • Empower developers - Ultimately, your developers are the ones picking new components. Give them the tools to pick good components.

    • Install and Configure IQ Plug-ins - Give your developers Lifecycle Information in their IDE

    • Install and configure Chrome Extension - The Chrome Extension will let you view component information when researching packages in your browser.

  • Standardize libraries across your organization - Fewer components mean that you'll have fewer decisions to make about vulnerability remediation.

  • More solutions to help you take control of your software supply chain

    • Sonatype Nexus Repository - An artifact repository manager. With Nexus Repository, you can store third-party components as well as internally developed components.

    • Sonatype Firewall - Protect your proxy repositories from new open source risks being automatically downloaded. Take control of what is allowed to come into your SDLC.