Category Archives: Sonatype Says

Did you wake up to an alert about the Java Deserialization vulnerability?

November 13, 2015 By
Brian Fox

This week I woke up to find several emails from Nexus Lifecycle indicating that the products in my portfolio were potentially vulnerable due to their inclusion of Apache commons-collection. If you have no idea what I’m talking about, stop now and go read this factual and un-sensationalized account of the situation. I’ll wait.

Continue reading...

Improving Container Security: Docker and More

November 12, 2015 By
Derek Weeks
Screen Shot 2015-11-12 at 2.02.09 PM

This blog was contributed by Chenxi Wang, Chief Strategy Officer at Twistlock.   Earlier this week, Sonatype announced a strategic partnership with Twistlock.  The relationship is incredibly important to furthering automation and security across the software supply chain as it relates to container technologies.  For this reason, we invited Chenxi Wang, Chief Strategy Officer from […]

Continue reading...

Why Nexus Rocketed Beyond 60,000 Installs

November 5, 2015 By
Derek Weeks

Another BIG Milestone Active Nexus repository manager instances have grown to another record high.  As of today, we surpassed the milestone of 60,000 active Nexus installations!  And, YOU, our user community made it happen. With Nexus at the heart of software supply chains and everything continuous, we are excited about all of the great work being done […]

Continue reading...

Please Containerize Your Excitement: Nexus 3 Milestone 5 Release

September 22, 2015 By
Derek Weeks
Screen Shot 2015-09-22 at 11.50.56 AM

We, on the Nexus team, are pleased to announce the arrival of the Nexus 3 Milestone 5 release! Our focus in this milestone release was; hosting and proxying Docker registries, browsing and searching Docker images, browsing components and assets that belong to any repository format. Docker format capabilities in Nexus 3 are brand new and we are excited to have it going out into the wild so we can hear your feedback.

Continue reading...

28 DevOps and Continuous Delivery Reference Architectures (Vol. 2)

September 8, 2015 By
Derek Weeks
Screen Shot 2015-09-01 at 6.45.25 PM

People want to get going with DevOps or Continuous Delivery, but need a place to start.  Others are already on their way, but need some validation of their choices.  In April, I published the first volume of DevOps and Continuous Delivery reference architectures which has now been viewed over 37,000 times on SlideShare (it’s free […]

Continue reading...

Make Nexus Part of the DevOps Dozen

August 6, 2015 By
Zach Peretti
Screen Shot 2015-08-06 at 10.33.44 AM has compiled a list of companies they believe to be the most well known DevOps products in the market today. We are excited and honored to have Nexus nominated under the repository manager category. As put it — “To succeed in todays speed of business, app-centric world the old ways of doing business […]

Continue reading...

Automated Nexus Reports on Licenses, Security, and More

August 5, 2015 By
Derek Weeks
Screen Shot 2015-08-05 at 2.12.57 PM

You have been using Nexus repository managers for years, but did you know they offer a free reporting feature that details your component licenses, known security vulnerabilities, versions, age, and adoption rates? Your Nexus repository manager can be the first line of defense against security vulnerabilities and the perfect platform to assess your exposure to open […]

Continue reading...

The Cost to DevOps: 27 Mufflers

July 16, 2015 By
Derek Weeks
Screen Shot 2015-07-29 at 2.51.00 PM

Imagine that you are designing the 2016 Range Rover line of sport utility vehicles. Like all gas powered vehicles, each one needs an exhaust muffler. Range Rover likely has narrowed in on a preferred provider of mufflers. But imagine what would happen if the designers and factory line workers could pick from any one of 27 past versions of that muffler from their preferred provider for the new model year.

Continue reading...