DevOps Leadership Series: Monitoring Containers and Microservices


May 19, 2015 By
Derek Weeks
Screen Shot 2015-07-29 at 4.37.18 PM

Trevor Parsons (@trevparsons) is a Co-Founder and Chief Scientist at Logentries, a leading SaaS-delivered log management and analytics service. I caught up with Trevor at the Velocity Conference in Santa Clara and asked him what themes were resonating with attendees this year.

Continue reading...

DevOps Leadership Series: Security at Velocity [Video]


May 12, 2015 By
Derek Weeks
Screen Shot 2015-07-29 at 4.39.53 PM

If it does not fit, it does not get done. For many DevOps practices, application security falls into the “does not get done” bucket. That’s because for many DevOps-centric organizations, application security has historically be done somewhere else, by someone else, who is slow.

Continue reading...

DevOps Leadership Series: Software Supply Chains [Video]


May 5, 2015 By
Derek Weeks
Screen Shot 2015-07-29 at 4.42.39 PM

Another theme that arose often during our recent “DevOps: Wine-ing, Not Whining” event was the importance of software supply chains. Every software development organization has a software supply chain, and DevOps leaders are now applying principles from lean manufacturing, Deming, and Toyota supply chain management to improve their operations.

Continue reading...

DevOps Leadership Series 2015


May 1, 2015 By
Derek Weeks
Screen Shot 2015-07-29 at 4.44.26 PM

We recently hosted the 2nd annual “DevOps: Wine-ing, Not Whining” event in San Francisco to bring together a number of thought leaders and leading practitioners in the DevOps field. We traded stories from the trenches, formed new insights, and offered visions of the future.

Continue reading...

How a Software Bill of Materials Uncovers Known Vulnerabilities


April 30, 2015 By
Derek Weeks
iStock_000001171649Small

In two minutes, we can show you a full software bill of materials for your application.  We can also identify any known vulnerabilities in the open source and third-party components within your Java application.  Oh, and by the way, it’s free. That’s right, at Sonatype, we could not be more in favor of the code […]

Continue reading...

Real World Experiences: Blackboard


April 21, 2015 By
Derek Weeks
bb-testimonial

As part of a new series we’re calling ‘Real World Experiences’ we’ll be highlighting how Sonatype customers are benefiting from greater development efficiency, higher productivity levels, faster time to market and better quality software, all while being more secure. We kick off the series covering Blackboard, the world’s leading education technology company.

Continue reading...

Legal at DevOps Speed


April 7, 2015 By
Derek Weeks
legal risks

Paul is not part of our development team, he doesn’t want to be, and he certainly does not slow them down. But with that said, Paul knows how to work at DevOps speed. He knows legal reviews need to happen at the speed of development on every component, every build, and every release. How much time does Paul spend reviewing open source and third-party software components in the software we are building? Almost none. Yup. That is because we have automated him.

Continue reading...

Continuous Delivery and Nexus


March 19, 2015 By
Derek Weeks
nexus_cd

There are numerous examples of reference architectures available, and each of them vary in levels of detail, tools highlighted, and processes followed. Yet, there is a constant theme among the tool sets: Jenkins, Maven, Nexus, Subversion, Git, Docker, Puppet/Chef, Rundeck, and Sonar seem to show up time and again.

Continue reading...

Dogfooding Nexus


March 16, 2015 By
Derek Weeks
Sonatype

How does Sonatype use Nexus to support our development efforts? Well, our development team is about to tell you. In fact, they a planning to give a virtual tour of our factory floor (e.g., tool chain) while discussing their own best practices for agile software development across a geographically distributed team. They will also spend time discussing their use of Nexus, Bamboo, JIRA, HipChat, AWS, Ansible and other solutions to streamline our development efforts, improve the quality of our builds while reducing rework, and speed time to market for new releases.

Continue reading...

Sonatype and Bamboo: Improving Your Builds


March 3, 2015 By
Derek Weeks
Bamboo

Sonatype now provides native Atlassian Bamboo support to improve the quality of your build outputs. Sonatype provides instant analysis of open source components used in every Bamboo build and alerts development teams to any quality, license, or security issues identified. By catching the issues during CI builds, development teams can quickly address open source policy violations early and can avoid unplanned rework.

Continue reading...