
Sonatype Blog


Jessica Dodson

Recent Posts by Jessica Dodson:

Should DevOps Account for Continuous Trust of Production Applications?

To find previous blogs in this DevOps series, read:

Move Left and Be More Secure

Author Attribution: This post was written by a guest blogger: Mark Miller, Founder and Curator of Trusted Software Alliance.

A Brief and Incomplete History of DevOps

The use of DevOps methodology and a structured process for integrating security into the development process is becoming more prevalent as large enterprises are seeing the benefits of a strategic alliance between development teams and operations. Instead of throwing the pig over the fence and hoping it turns into bacon by the time it touches the ground in operations, the relationship between the two warring factions is changing.

Do you trust your software supplier? Questions to ask yourself - and them!

Ever since I attended the recent Gartner Security & Risk Management Summit, I’ve found myself thinking a lot about whether “you can trust your software supplier”. My colleague wrote about this a bit in a Gartner recap blog, and our CEO co-presented on this topic with Curtis Yanko as part of a solution provider session.

How Will you Manage the New Addition of A9 to the OWASP Top 10 List?

It’s fair to say we were excited back in May when the OWASP community proposed A9 “Using Components with Known Vulnerabilities” as a top 10 open source security risk – so now it’s official: component vulnerabilities are considered a critical web security flaw. But why has this addition warranted its own category, when it was formerly classified under ‘Security Misconfiguration’? Has the problem truly compounded that much in the last 3 years that component vulnerabilities now need to be on a watch list? Well, simply put, YES. According to the largest open source component repository, The Central Repository, component downloads have grown from 1.5 billion requests in 2008 to over 8 billion requests in 2012. Now that’s quite a growth pattern.

Is it time for a Nexus Repository Health Check? Come to the Nexus Office Hours to get your Diagnosis.

If your repository contained a jar file with a known vulnerability, how would you know? What would it mean to you to have that sort of visibility into your repository health? This probably isn’t something you consider often, since one of the benefits of having a repository manager is enforcing component standards. But as you know, organizations still struggle with the challenge of ensuring developers and build systems only acquire components from the repository manager. That is why having the ability to run a Repository Health Check is an added benefit every repository manager should be aware of.