Category Archives: Sonatype Says

Better and Fewer Suppliers (2015 Software Supply Chain Report)


June 17, 2015 By
Derek Weeks
Screen Shot 2015-07-29 at 2.56.10 PM

Today I want to focus on the huge ecosystem of open source projects (“suppliers”) that feed a steady stream of innovative components into our software supply chains. In the Java ecosystem alone, there are now over 108,000 suppliers of open source components. Across all component types available to developers (e.g., RubyGems, NuGet, npm, Bower, PyPI, etc.), estimates now reach over 650,000 suppliers of open source projects.

Continue reading...

We Lack Building Codes for Building Software Code [VIDEO]


June 15, 2015 By
Mark Miller
Screen Shot 2015-07-29 at 11.34.31 AM

At Josh Corman’s presentation during AppSecEU 2015, he brought up the analogy of buildings codes, those laws and regulations that mandate how architectural buildings are built. It’s the reason earthquakes in some regions of the world are so devastating, while even stronger ones in other areas cause minimal damage.

Continue reading...

The 2015 State of the Software Supply Chain Report


June 11, 2015 By
Derek Weeks
Screen Shot 2015-07-29 at 2.58.40 PM

In April of this year, I embarked on a six-week journey diving deep into an analysis of the world’s software supply chains. I evaluated the practices of 106,000 organizations, the 100,000+ suppliers they relied on, and the billions of software components that fueled their agile, continuous delivery and DevOps practices.

Continue reading...

DevOps Leadership Series: Gov Does DevOps


May 27, 2015 By
Derek Weeks
Screen Shot 2015-07-29 at 4.30.20 PM

This past week, I had the opportunity to catch up with some more industry thought leaders at the DevOpsDays DC event in our nation’s capital. This was the first major DevOps Days event to feature a large audience of government participants. It was an awesome event and is certainly going to be on my must-attend list for next year.

Continue reading...

DevOps Leadership Series: Monitoring Containers and Microservices


May 19, 2015 By
Derek Weeks
Screen Shot 2015-07-29 at 4.37.18 PM

Trevor Parsons (@trevparsons) is a Co-Founder and Chief Scientist at Logentries, a leading SaaS-delivered log management and analytics service. I caught up with Trevor at the Velocity Conference in Santa Clara and asked him what themes were resonating with attendees this year.

Continue reading...

DevOps Leadership Series: Security at Velocity [Video]


May 12, 2015 By
Derek Weeks
Screen Shot 2015-07-29 at 4.39.53 PM

If it does not fit, it does not get done. For many DevOps practices, application security falls into the “does not get done” bucket. That’s because for many DevOps-centric organizations, application security has historically be done somewhere else, by someone else, who is slow.

Continue reading...

DevOps Leadership Series: Software Supply Chains [Video]


May 5, 2015 By
Derek Weeks
Screen Shot 2015-07-29 at 4.42.39 PM

Another theme that arose often during our recent “DevOps: Wine-ing, Not Whining” event was the importance of software supply chains. Every software development organization has a software supply chain, and DevOps leaders are now applying principles from lean manufacturing, Deming, and Toyota supply chain management to improve their operations.

Continue reading...

DevOps Leadership Series 2015


May 1, 2015 By
Derek Weeks
Screen Shot 2015-07-29 at 4.44.26 PM

We recently hosted the 2nd annual “DevOps: Wine-ing, Not Whining” event in San Francisco to bring together a number of thought leaders and leading practitioners in the DevOps field. We traded stories from the trenches, formed new insights, and offered visions of the future.

Continue reading...

How a Software Bill of Materials Uncovers Known Vulnerabilities


April 30, 2015 By
Derek Weeks
iStock_000001171649Small

In two minutes, we can show you a full software bill of materials for your application.  We can also identify any known vulnerabilities in the open source and third-party components within your Java application.  Oh, and by the way, it’s free. That’s right, at Sonatype, we could not be more in favor of the code […]

Continue reading...