Category Archives: AppSec Spotlight

Automated Nexus Reports on Licenses, Security, and More


August 5, 2015 By Derek Weeks

You have been using Nexus repository managers for years, but did you know they offer a free reporting feature that details your component licenses, known security vulnerabilities, versions, age, and adoption rates? Your Nexus repository manager can be the first line of defense against security vulnerabilities and the perfect platform to assess your exposure to open […]


The Cost to DevOps: 27 Mufflers


July 16, 2015 By Derek Weeks

Imagine that you are designing the 2016 Range Rover line of sport utility vehicles. Like all gas-powered vehicles, each one needs an exhaust muffler. Range Rover has likely narrowed in on a preferred provider of mufflers. But imagine what would happen if the designers and factory line workers could pick from any one of 27 past versions of that muffler from their preferred provider for the new model year.


Better and Fewer Suppliers (2015 Software Supply Chain Report)


June 17, 2015 By Derek Weeks

Today I want to focus on the huge ecosystem of open source projects (“suppliers”) that feed a steady stream of innovative components into our software supply chains. In the Java ecosystem alone, there are now over 108,000 suppliers of open source components. Across all component types available to developers (e.g., RubyGems, NuGet, npm, Bower, PyPI, etc.), estimates now reach over 650,000 suppliers of open source projects.


DevOps Leadership Series: Gov Does DevOps


May 27, 2015 By Derek Weeks

This past week, I had the opportunity to catch up with some more industry thought leaders at the DevOpsDays DC event in our nation’s capital. This was the first major DevOpsDays event to feature a large audience of government participants. It was an awesome event and is certainly going to be on my must-attend list for next year.
