Security Operations, DevOps, AI/ML, Supply chain

Sonatype Guide enhances AI-assisted development with secure open-source component management

According to Silicon Angle, Sonatype Inc. has launched Sonatype Guide, a new developer tool designed to accelerate and secure the use of artificial intelligence in software development by ensuring the selection of high-quality, secure open-source components.

Sonatype Guide addresses a critical challenge in AI-assisted coding: AI models trained on outdated data often recommend vulnerable or nonexistent open-source packages. A Sonatype study indicates that leading generative AI large language models hallucinate packages up to 27% of the time, leading to rework, slowed delivery, and increased security risks. The tool acts as an intelligent backbone, steering AI coding assistants toward reliable components and autonomously managing dependencies. It integrates with popular AI coding assistants like GitHub Copilot and AWS Kiro, intercepting package recommendations in real time to guide developers toward secure options before code is committed. Key features include a Model Context Protocol Server and an enterprise-grade API leveraging Sonatype Intelligence for real-time data on open-source quality and security.

The introduction of Sonatype Guide highlights a growing industry concern regarding the security implications of AI-driven development workflows. By embedding security and quality checks directly into the AI-assisted development process, the tool aims to mitigate risks associated with vulnerable open-source components.

Source: Silicon Angle

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds