Tag Archives: clm

FinSvcs Working Group (FS-ISAC) Takes on Open Source Components


December 2, 2013 By Derek Weeks

Applications are becoming the primary security threat vector. Since applications are constructed from 3rd party components, there continues to be a tremendous amount of industry effort and impetus behind managing open source components effectively. And now we can add the Financial Services / Information Sharing and Analysis Center (FS-ISAC) to the list.


Should your devops pipeline consider component intelligence?


October 31, 2013 By Manfred Moser

In the Nexus Live event John Nagro and Tom McLaughlin from HubSpot detailed how they are using Nexus as a repository for their development and release components. They found that they need to be able to quickly create another virtual machine as part of their build infrastructure to react to changes in datacenter locations and other parameters.


Yes, Policies Can Actually Speed Development


By Derek Weeks

CONTROL, ENFORCEMENT, APPROVALS, POLICIES. These concepts run counter to fast, agile, based-development. These words make developers cringe; they are “4 letter words”. Could it be that the problem with these concepts is not what they are trying to accomplish, but how they are implemented? They are intended to ensure that applications developers create are trusted, […]


Using Your Repository Manager to Optimize Component Usage


September 24, 2013 By Derek Weeks

We constantly receive inquiries about how organizations can get the most out of their repository manager. We thought it would be good to address this topic in a series of webinars. While preparing for the webinars, we looked at problems that afflicted organizations who aren’t using a repository manager. Developers Waste Time downloading a massive […]


Policy Hierarchy & Inheritance: Simplified Policy Management


September 13, 2013 By Derek Weeks

We are pleased to announce the availability of Sonatype 1.6. This release is focused on policy hierarchy and inheritance support and includes a revamped user experience. The development team has also added a number of new quick start guides including one that provides guidance on policy management. Jeff Wayman does a great job of describing […]


Announcing CLM 1.5: New release simplifies policy management


July 11, 2013 By Derek Weeks

At its core, Sonatype CLM uses policies to manage component usage. Policies provide automated guidance and enforcement throughout the software lifecycle, allowing for direct, stage-appropriate actions. For example, developers can be warned early in the IDE with little consequence, while applications, ready to be released, can be failed to protect production systems. Since policy actions […]


See the Great Battle of Security and Speed at the Gartner Security & Risk Management Summit


June 6, 2013 By Emily Blades

Once upon a time…there was a great battle between Speed and Security. Development wanted to go fast, but security wanted to slow down and be safe. Sound familiar? Modern applications are no longer written entirely from scratch using custom code; they are assembled from open source components using a relatively small amount of custom code […]


Is it time for a Nexus Repository Health Check? Come to the Nexus Office Hours to get your Diagnosis.


May 27, 2013 By Jessica Dodson

If your repository contained a jar file with a known vulnerability, how would you know? What would it mean to you to have that sort of visibility into your repository health? This probably isn’t something you consider often, since one of the benefits of having a repository manager is enforcing component standards. But as you […]


New Webinar: No Way! Security & Compliance Can Speed Development


May 13, 2013 By Emily Blades

Date: Tuesday, May 7, 2013 11:00AM-11:45AM EDT (GMT-0400) The business expects more! You have turned to agile development practices and components to deliver. You’re not alone…research shows 80% of modern applications consist of components, many of them open source. On the flip side, 57% of organizations aren’t managing components effectively. Enter security and compliance; once […]


Application Security, Not so Black & White


May 8, 2013 By Ryan Berg

I’m glad to see that Simon Phipps, independent open source consultant and a director of the Open Source Initiative, promotes the need to manage components effectively. In his recent InfoWorld article he notes: “Cyber security is on the national political agenda, but do we really understand what it takes to be secure? Now that enterprise […]
