Category Archives: Nexus Repo Reel

4 Open Source Components You Need to Update Right Now


May 7, 2014 By
Brian Fox
Component Vulnerability Stats

Heartbleed has put the security community on notice: it is time to take a harder look at the security status of open source components and frameworks. After doing a little industry research on downloads from the (Maven) Central Repository, I’m sitting here with my jaw hanging open. Over 46 million Java-based open source components containing known vulnerabilities were downloaded from the Central Repository in 2013*.

Continue reading...

The Nexus 2 Minute Challenge Video Series


April 29, 2014 By
Mark Miller
The Nexus 2 Minute Challenge

In March, Manfred Moser and I introduced the concept of a “Nexus 2 Minute Challenge“, where I would ask Manfred to accomplish a specific task in Nexus in less than 2 minutes. The series was an immediate hit with over 1300 views within the first month. Here’s the inaugural video, Enable Component Version Discovery, from […]

Continue reading...

Sonatype Nexus Security Advisory


January 16, 2014 By
Brian Fox
Security Advisory

Sonatype Nexus Security Advisory Date: January 14, 2014 Affected Versions: Nexus OSS/Pro versions prior to and including 2.7.0-06 Summary: A critical security vulnerability has been discovered by Sonatype in Nexus requiring immediate action. The vulnerability makes use of an execution path in an open source library that we have now (with the available patch) added […]

Continue reading...

Should your devops pipeline consider component intelligence?


October 31, 2013 By
Manfred Moser

In the Nexus Live event John Nagro and Tom McLaughlin from HubSpot detailed how they are using
Nexus as a repository for their development and release components. They
found that they need to be able to quickly create another virtual
machine as part of their build infrastructure to react to changes in
datacenter locations and other parameters.

Continue reading...

Yes, Policies Can Actually Speed Development


By
Derek Weeks

CONTROL, ENFORCEMENT, APPROVALS, POLICIES These concepts run counter to fast, agile, based-development. These words make developers cringe, they are “4 letter words”. Could it be that the problems with these concepts is not what they are trying to accomplish, but how they are implemented? They are intended to ensure that applications developers create are trusted, […]

Continue reading...