Category Archives: Sonatype Says

Atlanta DevOps Days Recap: Next Up NYC, Vancouver & Portland


October 17, 2013 By Derek Weeks

We have been participating in the devopsdays events by presenting an ignite talk on how DevOps needs to be aligned with how applications are constructed today – with open source components. The ignite presentation style is really interesting – you have 5 minutes to present 20 slides that advance automatically every 15 seconds. I started […]


The Golden Repo is NOT the Answer, the Golden Policy is


October 1, 2013 By Manfred Moser

Like many organizations, you have turned to Nexus as a repository for your components. Since that is going so well, you may be thinking of adding controls that turn Nexus into a Golden Repository. It’s natural to try to manage components by restricting usage to only those components approved by your security, licensing and architecture teams. […]


Agile, Component Development & DevOps – A Natural Match


September 23, 2013 By Derek Weeks

Can you think of a technology concept that is more hyped than DevOps? We’ve moved past cloud & virtualization, and while not as hyped as Big Data or mobile, everyone on the development and operations side is talking about DevOps, not to mention DevOpsSec. Using several blog posts, I’m going to lay out the vision for […]


Policy Hierarchy & Inheritance: Simplified Policy Management


September 13, 2013 By Derek Weeks

We are pleased to announce the availability of Sonatype 1.6. This release is focused on policy hierarchy and inheritance support and includes a revamped user experience. The development team has also added a number of new quick start guides including one that provides guidance on policy management. Jeff Wayman does a great job of describing […]


Sonatype Reduces Licensing Risks for .Net Developers with Integration to NuGet and Visual Studio


September 9, 2013 By Karen Gardner

I continue to be in awe of this stat: the composition of today’s applications is often as high as 90% open source components and only 10% custom source code. A true testament to the value of open source in helping speed the delivery of custom built applications. (This amazing, but true, stat is based on […]


Important: Apache Struts Framework Security Alert


August 13, 2013 By Derek Weeks

The popular Apache Struts Framework, a toolkit used to build many of today’s web applications, has a critical vulnerability that was recently announced by the Struts team at Apache. The National Institute of Standards and Technology (NIST) has added the exposure to the National Vulnerability Database and assigned a critical score (9.3 out of 10). […]


A Brief and Incomplete History of DevOps


July 29, 2013 By Jessica Dodson

The use of DevOps methodology and a structured process for integrating security into the development process is becoming more prevalent as large enterprises are seeing the benefits of a strategic alliance between development teams and operations. Instead of throwing the pig over the fence and hoping it turns into bacon by the time it touches […]


Application security needs to be redefined to stay relevant


July 26, 2013 By Derek Weeks

Ok, so maybe it’s not the definition that’s the problem. Maybe it’s the fact that most people think of DAST and SAST when it comes to application security. And when most developers are faced with DAST and SAST, they run for cover. Or maybe it’s the fact that most security practices are primarily focused on […]
