This blog was contributed by Chenxi Wang, Chief Strategy Officer at Twistlock. Earlier this week, Sonatype announced a strategic partnership with Twistlock. The relationship is incredibly important to furthering automation and security across the software supply chain as it relates to container technologies. For this reason, we invited Chenxi Wang, Chief Strategy Officer from […]
On October 29, Sonatype hosted a discussion about the upcoming release of Nexus 3. This release will provide support for Docker images as a private Docker registry. A full recording of discussion is available on YouTube. While we covered Q&A during the webinar, there were many questions that we did not get to answer […]
Another BIG Milestone Active Nexus repository manager instances have grown to another record high. As of today, we surpassed the milestone of 60,000 active Nexus installations! And, YOU, our user community made it happen. With Nexus at the heart of software supply chains and everything continuous, we are excited about all of the great work being done […]
We, on the Nexus team, are pleased to announce the arrival of the Nexus 3 Milestone 5 release! Our focus in this milestone release was; hosting and proxying Docker registries, browsing and searching Docker images, browsing components and assets that belong to any repository format. Docker format capabilities in Nexus 3 are brand new and we are excited to have it going out into the wild so we can hear your feedback.
People want to get going with DevOps or Continuous Delivery, but need a place to start. Others are already on their way, but need some validation of their choices. In April, I published the first volume of DevOps and Continuous Delivery reference architectures which has now been viewed over 37,000 times on SlideShare (it’s free […]
Josh Corman had a busy week at BlackHat last week. During the chaos, CNBC news caught up with him to talk about recent cyber attacks and what can be expected in the future.
You have been using Nexus repository managers for years, but did you know they offer a free reporting feature that details your component licenses, known security vulnerabilities, versions, age, and adoption rates? Your Nexus repository manager can be the first line of defense against security vulnerabilities and the perfect platform to assess your exposure to open […]
Imagine that you are designing the 2016 Range Rover line of sport utility vehicles. Like all gas powered vehicles, each one needs an exhaust muffler. Range Rover likely has narrowed in on a preferred provider of mufflers. But imagine what would happen if the designers and factory line workers could pick from any one of 27 past versions of that muffler from their preferred provider for the new model year.
“Software may be eating the world, but rework is choking software”, tweeted John Jeremiah (@j_jeremiah). To shed more light on what is choking software, new data was released last week in the 2015 State of the Software Supply Chain Report.
Today I want to focus on the huge ecosystem of open source projects (“suppliers”) that feed a steady stream of innovative components into our software supply chains. In the Java ecosystem alone, there are now over 108,000 suppliers of open source components. Across all component types available to developers (e.g., RubyGems, NuGet, npm, Bower, PyPI, etc.), estimates now reach over 650,000 suppliers of open source projects.