This past November at CA World 2015, we participated in a panel discussion on transforming application development and release with Continuous Delivery and DevOps practices. The well-attended panel discussion addressed many practical and easy ways for companies to get started with Continuous Delivery and DevOps.
The Lego Death Star has about 1/10th of the parts of a Toyota; 3803 to be exact. If you’ve ever assembled the Lego Death Star, or anything lego related, you know having the right parts is critical. Even more impressive is what the group over at Titans Creations did. This group of Lego fans (known as My Own Creation[ers]) built a scale model (mini-figure scale) of the Millennium Falcon. Coming in at around 10,000 parts it’s one of the more, if not most impressive custom models to date.
In part one of this series, “Rugged DevOps: Survival is Not Mandatory”, I shared news that 1 in 16 open source and third-party components downloaded last year included a known vulnerability. That may not seem like too many until you realize the average company downloads well over 200,000 components annually. These components are electively downloaded by development teams, often unaware of the vulnerabilities that come with them.
Deming, the patron saint of DevOps once advised, “It is not necessary to change. Survival is not mandatory.” To survive, application development teams are constantly pressured to deliver software even faster. But fast is not enough. The best organizations realize that security, quality and integrity at velocity are mandatory for survival. Hence, DevOpsSec
I can’t tell you how excited I am to be a part of the Sonatype team that is literally reinventing how quality software gets made. As the new guy leading marketing, my first test was to explain Sonatype to my mom. She’s a smart cookie — but she’s 82 years old — and doesn’t know very much about software.
Two Perspectives Jack, an accomplished application security pro, tells me, “The developers won’t talk to us. It’s like we speak a different language. They are releasing new builds so fast, how could they check each one for security vulnerabilities? We can’t move as fast as they do.” Then in the next moment, Diane, a DevOps […]
The quantitative research summarized below, covering over 7,000 repositories across nearly 100 countries, highlights some of the challenges with quality at modern development velocities. By leveraging automation in your repository manager, you can improve application quality and reduce unplanned work while lowering exposure to risk. Repository managers like Nexus, Artifactory and Archiva have been serving […]
This week I woke up to find several emails from Nexus Lifecycle indicating that the products in my portfolio were potentially vulnerable due to their inclusion of Apache commons-collection. If you have no idea what I’m talking about, stop now and go read this factual and un-sensationalized account of the situation. I’ll wait.
This blog was contributed by Chenxi Wang, Chief Strategy Officer at Twistlock. Earlier this week, Sonatype announced a strategic partnership with Twistlock. The relationship is incredibly important to furthering automation and security across the software supply chain as it relates to container technologies. For this reason, we invited Chenxi Wang, Chief Strategy Officer from […]
You have been using Nexus repository managers for years, but did you know they offer a free reporting feature that details your component licenses, known security vulnerabilities, versions, age, and adoption rates? Your Nexus repository manager can be the first line of defense against security vulnerabilities and the perfect platform to assess your exposure to open […]