Tag Archives: AppSec

Software Supply Chains: DevOps Lessons Learned from Southwest Airlines

November 23, 2015 By Wayne Jackson

I was talking to a new business acquaintance the other day and had a really interesting exchange. It went something like this: Him: So, what does Sonatype do? Me: We work in the software development realm doing this new thing called Software Supply Chain Automation. Him: What does that mean? Me: Well, modern software is, […]


Nexus Firewall: Quality at Velocity

November 17, 2015 By Mike Hansen

The quantitative research summarized below, covering over 7,000 repositories across nearly 100 countries, highlights some of the challenges with quality at modern development velocities. By leveraging automation in your repository manager, you can improve application quality and reduce unplanned work while lowering exposure to risk. Repository managers like Nexus, Artifactory and Archiva have been serving […]


Improving Container Security: Docker and More

November 12, 2015 By Derek Weeks

This blog was contributed by Chenxi Wang, Chief Strategy Officer at Twistlock. Earlier this week, Sonatype announced a strategic partnership with Twistlock. The relationship is incredibly important to furthering automation and security across the software supply chain as it relates to container technologies. For this reason, we invited Chenxi Wang, Chief Strategy Officer from […]


We Lack Building Codes for Building Software Code [VIDEO]

June 15, 2015 By Mark Miller

At Josh Corman’s presentation during AppSecEU 2015, he brought up the analogy of building codes, those laws and regulations that mandate how architectural buildings are built. It’s the reason earthquakes in some regions of the world are so devastating, while even stronger ones in other areas cause minimal damage.


DevOps Leadership Series: Gov Does DevOps

May 27, 2015 By Derek Weeks

This past week, I had the opportunity to catch up with some more industry thought leaders at the DevOpsDays DC event in our nation’s capital. This was the first major DevOps Days event to feature a large audience of government participants. It was an awesome event and is certainly going to be on my must-attend list for next year.


DevOps Leadership Series: Security at Velocity [Video]

May 12, 2015 By Derek Weeks

If it does not fit, it does not get done. For many DevOps practices, application security falls into the “does not get done” bucket. That’s because for many DevOps-centric organizations, application security has historically been done somewhere else, by someone else, who is slow.
