<iframe src="//www.googletagmanager.com/ns.html?id=GTM-TT8R4P" height="0" width="0" style="display:none;visibility:hidden">

Sonatype Blog

Stay updated on the latest news from the makers of Nexus

DevSecOps: Better Software, Faster

“The big problems are where people don't realize they have one in the first place.” - W. Edwards Deming, patron saint of DevOps.

Docker: The New Ordinary

The “new ordinary”.

One Team, 5,000 Jobs: Life in the DevOps Jungle

Damien has 5,000 jobs. While you might gasp at that workload, Damien is not stressing out. All 5,000 jobs are automated within his team’s Jenkins pipelines. How does he do it? Damien follows four key principles to keep his cool in the job jungle: self-service, security, simplicity, and extensibility. But you might be surprised that one of his most important survival techniques is treating his pipeline as “not code.”

Step-by-Step: Block and Quarantine Vulnerable Open Source Components and Artifacts with Nexus Firewall

We have added two more videos in the Tips from the Trenches Series free video based training, explaining how to configure and use Nexus Firewall to block and quarantine open source components with known vulnerabilities. 

The Nexus Firewall – Perimeter Defense for Software Development

The quantitative research summarized below, covering over 7,000 repositories across nearly 100 countries, highlights some of the challenges with quality at modern development velocities. You can respond by leveraging automation in your repository manager to improve application quality and reduce rework while lowering exposure to risk.

DevOps: Making the Boring Things Stay Boring

I, For One, Welcome Our New Robot Overlords” is the title of Mykel Alvis’ (@mykelalvis) session at the 2016 All Day DevOps Conference. He wasn’t trying to curry favor with the new robot rulers, ala Kent Brockman, but, instead, was evangelizing on the importance of precision in DevOps.

LEGO, Death Stars, and Millennium Falcons, Oh My

Summary: Sonatype now offers a new revolutionary way to instantly give your teams access to vulnerability, license, and quality related data for the components they are consuming.