Sonatype Blog

Stay updated on the latest news from the makers of Nexus

Why CEO’s Choose Harry

We are excited to see that GrowthCap just announced NEA’s Harry Weller as their Investor of the Year. Harry and our CEO, Wayne Jackson, started working together in 1998 when Harry invested in Riverbed Technologies, followed by an investment in SourceFire, and most recently teamed up for the third time with Sonatype. We’re honored to partner with Harry and NEA in developing an awesome future for software development organizations with our software supply chain and repository management solutions.

What’s in Your Software

I can’t tell you how excited I am to be a part of the Sonatype team that is literally reinventing how quality software gets made. As the new guy leading marketing, my first test was to explain Sonatype to my mom. She’s a smart cookie -- but she's 82 years old -- and doesn’t know very much about software.

Getting Rugged DevOps Right

Two Perspectives

Jack, an accomplished application security pro, tells me, “The developers won’t talk to us. It’s like we speak a different language. They are releasing new builds so fast, how could they check each one for security vulnerabilities? We can’t move as fast as they do.”

Software Supply Chains: DevOps Lessons Learned from Southwest Airlines

I was talking to a new business acquaintance the other day and had a really interesting exchange. It went something like this:

Nexus Firewall: Quality at Velocity

The quantitative research summarized below, covering over 7,000 repositories across nearly 100 countries, highlights some of the challenges with quality at modern development velocities. By leveraging automation in your repository manager, you can improve application quality and reduce unplanned work while lowering exposure to risk.

Did you wake up to an alert about the Java Deserialization vulnerability?

This week I woke up to find several emails from Nexus Lifecycle indicating that the products in my portfolio were potentially vulnerable due to their inclusion of Apache commons-collections. If you have no idea what I’m talking about, stop now and go read this factual and un-sensationalized account of the situation. I’ll wait.

Improving Container Security: Docker and More

This blog was contributed by Chenxi Wang, Chief Strategy Officer at Twistlock.

Earlier this week, Sonatype announced a strategic partnership with Twistlock. The relationship is incredibly important to furthering automation and security across the software supply chain as it relates to container technologies. For this reason, we invited Chenxi Wang, Chief Strategy Officer from Twistlock, to share some insight on their business and technology here with our community. We’ll also be in Barcelona next week with Twistlock sharing insights with the Docker community at large.