
Sonatype Blog

Stay updated on the latest news from the makers of Nexus

One Team, 5,000 Jobs: Life in the DevOps Jungle

Damien has 5,000 jobs. While you might gasp at that workload, Damien is not stressing out. All 5,000 jobs are automated within his team’s Jenkins pipelines. How does he do it? Damien follows four key principles to keep his cool in the job jungle: self-service, security, simplicity, and extensibility. But you might be surprised that one of his most important survival techniques is treating his pipeline as “not code.”

Step-by-Step: Block and Quarantine Vulnerable Open Source Components and Artifacts with Nexus Firewall

We have added two more videos to the Tips from the Trenches series of free video-based training, explaining how to configure and use Nexus Firewall to block and quarantine open source components with known vulnerabilities.

The Nexus Firewall – Perimeter Defense for Software Development

The quantitative research summarized below, covering over 7,000 repositories across nearly 100 countries, highlights some of the challenges with quality at modern development velocities. You can respond by leveraging automation in your repository manager to improve application quality and reduce rework while lowering exposure to risk.

DevOps: Making the Boring Things Stay Boring

“I, For One, Welcome Our New Robot Overlords” is the title of Mykel Alvis’ (@mykelalvis) session at the 2016 All Day DevOps Conference. He wasn’t trying to curry favor with the new robot rulers, à la Kent Brockman, but, instead, was evangelizing on the importance of precision in DevOps.

LEGO, Death Stars, and Millennium Falcons, Oh My

Summary: Sonatype now offers a new revolutionary way to instantly give your teams access to vulnerability, license, and quality related data for the components they are consuming.

DevOps for Small Organizations: Lessons from Ed

Ed was demoralized. He had just heard a speaker who would change his life. He knew he needed to change, and he knew what the end goal was. He just didn’t know how to get there. He needed fresh air. He needed endorphins. What better way to do that than go on a 6-hour run through some of the seedier neighborhoods of Vegas to the edge of the desert?

DevSecOps: Catching Fire

In DevOps, those that can't keep pace are often left behind. For many people leading DevOps initiatives over the past few years, this led to a painful choice of leaving security by the wayside. Many waterfall-native approaches to security could not keep pace with their new DevOps-native requirements, and they were shunned.