Tag Archives: Insight

Get proactive about Security with Insight


May 25, 2012 By Tim O'Brien

There’s a shift in the way organizations are thinking about security, and this article in InfoWorld, “IBM: Security execs move more toward active risk management”, is exactly what we’ve been talking about. Here’s the quote that stood out:

“Nearly two-thirds of security leaders say their senior executives are paying more attention to security today than they were two years ago, due in large part to media attention.” and “60 percent of the advanced organizations named security as a regular boardroom topic, compared to only 22 percent of the least advanced organizations”

Instead of simple three-tiered applications following a standard Apache -> Tomcat -> RDBMS pattern, today’s scalable applications involve a portfolio of technologies: Redis, Hadoop, real-time BI systems, integration with third-party APIs, Node.js, and more and more companies are adopting such a portfolio. It is becoming increasingly difficult to draw a line around a particular application and evaluate security vulnerabilities in isolation.

Today, you need to have your security group sitting next to you, evaluating a complex application as it evolves. But, back to the article: it isn’t just the evolution of technology that is making security a focus for business, it is a series of high-profile, embarrassing data breaches. A CEO who wouldn’t have thought very much about security technology a few years ago sees what happens to a Stratfor or Global Payments and understands the risks. Data security is front and center in the news, and a data breach can be a business-ending event.

So get out in front of the problem. Start tracking your application dependencies and identify known vulnerabilities with Insight.

When we launched Nexus Professional and integrated Sonatype Insight information, we gave you the ability to keep track of your overall exposure to security vulnerabilities. Your IT organization gained a window into the intersection of known vulnerabilities with the artifacts you download from Central. That was a good start, but the real benefit is Insight for CI. We launched Insight for CI this week, and it’s the tool you’ll want to use to address security vulnerabilities in specific products. If it is your responsibility to keep up with security, one of the easiest ways to take a more proactive approach is to start using Insight for CI to track your application’s dependencies.

Click here to get started with Insight for CI. It works with either Hudson or Jenkins, and it covers both license and security information.

Insight for CI Demo: Additional Session Added


May 18, 2012 By Emily Blades

Due to high demand, we have added a second webinar presentation next Wednesday at 2PM EDT (GMT-0400) to accommodate multiple time zones. Here are the details for the presentation:

Join Brian Fox this Wednesday, May 23 at 11AM EDT or 2PM EDT (GMT-0400) for a 30 minute tour of Insight for CI. In this demo, Brian will show how Insight for CI will help you:

  • Generate a detailed bill of materials for every build in Hudson and Jenkins.
  • Find and fix license, security and quality problems quickly.
  • Set rules to notify you of problems, fail builds, or establish workflows.

If you register, you’ll also receive access to the recording after the event. So if something comes up and you can’t make it, you won’t miss out.

Two sessions are now available on Wednesday, May 23. Choose the best time for you:

Register – 11:00AM EDT (GMT-0400)

Register – 2:00PM EDT (GMT-0400)

Google Guava Shows Strong Growth in April


May 14, 2012 By Tim O'Brien

I was doing a bit of data analysis of the data that drives our Nexus Professional popularity results and I came across some statistics that show demand for Google Guava has been picking up over the last year. Our Top 10 list for general utilities contains the usual suspects. Libraries like Commons Lang and Commons Beanutils are predictably near the top of the list as are both log4j and slf4j. Not only are these the utilities you’d expect to see in almost every Java project, many of the dependencies you depend on also reference these libraries. This list is a list of utilities and projects you’d better be familiar with if you are programming in Java because you will undoubtedly encounter them.

Here is a list of the Top 10 Utilities from April 2012. Note how Google Guava jumped three places from #15 to #12 with a 2.5% increase in demand from March. While I don’t expect Google Guava to surpass the popularity of Apache Commons components any time soon, it will be interesting to see if Guava becomes a standard that challenges Commons Lang. Guava, like Apache Commons, is a collection of utilities and classes that supplement Java. While they have overlapping purposes, I tend to continue to have both on my classpath whenever I’m coding.

Caveat: I’m comparing utility libraries with the exception of JUnit. JUnit is downloaded automatically by a number of tools (tools that don’t appear to cache artifacts between instantiations). Because of this, JUnit downloads are off the chart. If you average out the data, JUnit is being downloaded approximately once a second (across the entire month).

Last Chance! Webinar: Manage Your Components at Build Time in Hudson & Jenkins


May 2, 2012 By Emily Blades

Know What’s In Your Builds?

Join Brian Fox tomorrow, Thursday, May 3 at 11AM EDT (GMT-0400) for a 30 minute sneak preview of our latest innovation, Insight for CI. Brian will show you how Insight for CI will help you:

  • Gain visibility and control at build time in Hudson and Jenkins.
  • Find and fix license, security and quality problems quickly.
  • Set rules to notify you of problems, fail builds, or establish workflows.

If you register, you’ll also receive access to the recording after the event. So if something comes up and you can’t make it, you won’t miss out.

Reserve Your Seat

 

New Webinar: Manage Your OS Components At Build Time


April 16, 2012 By Emily Blades

Join Brian Fox for a 30 minute sneak preview of Insight for CI on Thursday, May 3 at 11AM EDT (GMT-0400). Brian will show you how Insight for CI will help you:

  • Gain visibility and control at build time in Hudson and Jenkins
  • Find and fix license, security and quality problems quickly
  • Set rules to notify you of problems or to fail builds

If you register, you’ll also receive access to the recording after the event. So if something comes up and you can’t make it, you won’t miss out.

Reserve Your Seat