<iframe src="//www.googletagmanager.com/ns.html?id=GTM-TT8R4P" height="0" width="0" style="display:none;visibility:hidden">

Sonatype Blog

Stay updated on the latest news from the makers of Nexus

DevOps Express: How It Happened and Why We Did It

“Being able to take needless work out of the system is more important than being able to put more work into the system.” This is one of my favorite quotes from Gene Kim’s book, The Phoenix Project, and it plays directly into why we're announcing the DevOps Express initiative today.

Nexus Repository Rising: Say Hello to the New Pro

Free Birds, Free Coffee, and Free Willy.  Software development  is hard enough, so we’re making it easier.  You see, a few years ago Sonatype made a promise that Nexus Repository should provide universal component support for free.  This month, we are continuing to live up to that promise by expanding component support in Nexus Repository OSS to include PyPI and RubyGems packages. Nexus Repository now offers free support for seven components types.  For those who thought we only supported Java components, you must be thinking of the other guys.  

All Day DevOps Conference: Bringing DevOps to the World

An Audacious Plan

The global audience for DevOps is expanding faster than any one person or company can keep up with. While DevOps Days and other regional events provide invaluable support to their local communities, we want to create a global event, offering the best lineup of speakers.  We also wanted to make sure that anyone, anywhere can attend -- so we set a high bar for our organizing team...and they delivered: $0 registration.

Government Spotlight:  DevOps Accelerates Cyber Security

A Tale of Two Quakes

In 2010, a 7.0-magnitude earthquake devastated Haiti. The quake killed an estimated 230,000 people and sparked a massive global assistance response.  We all remember this tragedy.  Yet, six weeks later, a far stronger earthquake (8.8 magnitude) shook Chile. That quake killed 279 people and we saw fewer news headlines and a subdued global response.

Government Asks: What’s in Your Software?

U.S. Government pays closer attention to software components

Multiple agencies across the U.S. government are paying closer attention to the software they are buying.  More specifically, they want to know what open source and third party components were used to build the software applications.  The report notes:

How to Video Training: Open Source Component Management and Intelligence


As a developer I am constantly chasing new tools and enjoy learning new things. I read a lot of blog posts, tutorials and documentation. And I listen to podcasts and attend webinars as well. More and more I find that watching videos of conference and webinar presentations is great.  But even better are shorter, focused videos that give you a  chance to quickly learn something new.  

An Insider's View: Analyzing Software Supply Chains

I recently sat down for a spell with Bruce Mayhew, Director of Research and Development at Sonatype and co-author/project lead for OWASP WebGoat, to discuss his perspectives on the data revealed in this year's 2016 State of the Software Supply Chain Report. Here, he not only speaks about why the data within the report is so incredibly compelling, but also about how his team's research has come together in a way that surprises him, and might surprise you.