Category Archives: Everything Open Source

How a Software Bill of Materials Uncovers Known Vulnerabilities


April 30, 2015 By Derek Weeks

In two minutes, we can show you a full software bill of materials for your application.  We can also identify any known vulnerabilities in the open source and third-party components within your Java application.  Oh, and by the way, it’s free. That’s right, at Sonatype, we could not be more in favor of the code […]


Real World Experiences: Blackboard


April 21, 2015 By Derek Weeks

As part of a new series we’re calling ‘Real World Experiences’, we’ll be highlighting how Sonatype customers are benefiting from greater development efficiency, higher productivity levels, faster time to market and better quality software, all while being more secure. We kick off the series covering Blackboard, the world’s leading education technology company.


Legal at DevOps Speed


April 7, 2015 By Derek Weeks

Paul is not part of our development team; he doesn’t want to be, and he certainly does not slow them down. But with that said, Paul knows how to work at DevOps speed. He knows legal reviews need to happen at the speed of development on every component, every build, and every release. How much time does Paul spend reviewing open source and third-party software components in the software we are building? Almost none. Yup. That is because we have automated him.


Sonatype and Bamboo: Improving Your Builds


March 3, 2015 By Derek Weeks

Sonatype now provides native Atlassian Bamboo support to improve the quality of your build outputs. Sonatype provides instant analysis of open source components used in every Bamboo build and alerts development teams to any quality, license, or security issues identified. By catching the issues during CI builds, development teams can quickly address open source policy violations early and can avoid unplanned rework.


Nexus Reaches 50,000


February 27, 2015 By Derek Weeks

Active Nexus instances have grown 100% within the past 18 months. Just awesome. And, YOU, our user community made it happen. As of today, we surpassed the milestone of 50,000 active Nexus installs! Thank you.


Evaluating OSS logistics solutions? Consider these 9 tips.


February 24, 2015 By Derek Weeks

With well over 17 billion open source components downloaded from public repositories in 2014, it is clear that more software development organizations are assembling software from component building blocks. In fact, Gartner reports that by 2016 the vast majority of mainstream IT organizations will leverage open source software (OSS) components in mission-critical IT solutions. This massive reliance on open source components has created new challenges for managing the speed, cost, and risks of continuous delivery in today’s software development efforts.


Nexus 3: New Milestone Release


February 12, 2015 By Jeff Wayman

There are those of us who like to stay on the cutting edge of technology, fiddling with the latest and greatest, even if it means the experience might be a little rough around the edges. Yes, that might mean suffering through a bunch of issues despite a warning not to install Mavericks on our main […]


The Software Supply Chain Piques Interest


February 9, 2015 By Derek Weeks

As we looked back at what our readers found most intriguing in the past year, we found one central theme: managing their software supply chain. Our readers wanted to know: in a continuous world, where speed and quality often compete, how can they develop software faster while becoming more profitable, ensuring quality, and managing risk?


Chevy and DevOps: What the Wi-Fi?


February 4, 2015 By Derek Weeks

I’m sure you saw it too. During the Super Bowl, Chevy Trucks announced that they were adding 4G LTE Wi-Fi. How cool. I want that (and so would my kids). I can only imagine the possibilities. But this is not all about my needs. Chevy and every other vehicle maker wants this too. And not for the reasons that you might first consider. Quickly, let me introduce you to the recalls of today...


[Part 3] Code, Cars, and Congress: A Time for Cyber Supply Chain Management


December 16, 2014 By Wayne Jackson

On December 4th, 2014, U.S. Congressional Representatives Ed Royce (R-CA) and Lynn Jenkins (R-KS) introduced H.R. 5793, the “Cyber Supply Chain Management and Transparency Act of 2014.” The legislation will ensure all contractors of software, firmware or products to the federal government provide the procuring agency with a bill of materials of all third […]
