According to Silicon Angle, Sonatype Inc. has launched Sonatype Guide, a new developer tool designed to accelerate and secure the use of artificial intelligence in software development by ensuring the selection of high-quality, secure open-source components.Sonatype Guide addresses a critical challenge in AI-assisted coding: AI models trained on outdated data often recommend vulnerable or nonexistent open-source packages. A Sonatype study indicates that leading generative AI large language models hallucinate packages up to 27% of the time, leading to rework, slowed delivery, and increased security risks. The tool acts as an intelligent backbone, steering AI coding assistants toward reliable components and autonomously managing dependencies. It integrates with popular AI coding assistants like GitHub Copilot and AWS Kiro, intercepting package recommendations in real time to guide developers toward secure options before code is committed. Key features include a Model Context Protocol Server and an enterprise-grade API leveraging Sonatype Intelligence for real-time data on open-source quality and security.The introduction of Sonatype Guide highlights a growing industry concern regarding the security implications of AI-driven development workflows. By embedding security and quality checks directly into the AI-assisted development process, the tool aims to mitigate risks associated with vulnerable open-source components.Source: Silicon Angle
Security Operations, DevOps, AI/ML, Supply chain
Sonatype Guide enhances AI-assisted development with secure open-source component management

An In-Depth Guide to AI
Get essential knowledge and practical strategies to use AI to better your security program.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



