Heartbleed has put the security community on notice: it is time to take a harder look at the security status of open source components and frameworks. After doing a little industry research on downloads from the (Maven) Central Repository, I’m sitting here with my jaw hanging open. Over 46 million Java-based open source components containing known vulnerabilities were downloaded from the Central Repository in 2013*.
In this segment of the Nexus 2 Minute Challenge, we asked Manfred Moser to replace the regular release process using the Nexus Staging Suite in less than 2 minutes. View the entire Nexus 2 Minute Challenge
In March, Manfred Moser and I introduced the concept of a “Nexus 2 Minute Challenge“, where I would ask Manfred to accomplish a specific task in Nexus in less than 2 minutes. The series was an immediate hit with over 1300 views within the first month. Here’s the inaugural video, Enable Component Version Discovery, from […]
Last week, I joined the Sonatype engineering team at the yearly summit where we got together and discussed the future roadmap for Nexus and CLM, talk with engineers who are doing the hands-on work on the projects and in general got caught up with each other. It’s always good to get this kind of face-to-face […]
For those that don’t know me, I am the new Nexus community advocate and now moderator of Nexus Live. I’ve kicked off my first session of the year with fellow community advocate, Manfred Moser and Manager QA & Support, Rich Seddon.
Sonatype Nexus Security Advisory Date: January 14, 2014 Affected Versions: Nexus OSS/Pro versions prior to and including 2.7.0-06 Summary: A critical security vulnerability has been discovered by Sonatype in Nexus requiring immediate action. The vulnerability makes use of an execution path in an open source library that we have now (with the available patch) added […]
One of the approaches to software that I strongly believe in is taking advantage of latest product innovations in all new releases. I think it’s important to upgrade to the latest versions of build tools and components as soon as you can.
Sonatype Nexus can easily be integrated with external systems due to the fact that all functionality is available via various REST API calls. On the other hand Nexus can be expanded by writing plugins for Nexus that customize it and add further functionality.
In the Nexus Live event John Nagro and Tom McLaughlin from HubSpot detailed how they are using
Nexus as a repository for their development and release components. They
found that they need to be able to quickly create another virtual
machine as part of their build infrastructure to react to changes in
datacenter locations and other parameters.
CONTROL, ENFORCEMENT, APPROVALS, POLICIES These concepts run counter to fast, agile, based-development. These words make developers cringe, they are “4 letter words”. Could it be that the problems with these concepts is not what they are trying to accomplish, but how they are implemented? They are intended to ensure that applications developers create are trusted, […]