Tag Archives: clm

Are You Choosing the “Right” Component?


July 17, 2014 By
Manfred Moser
Component Choices

In our recent open source developer survey we asked, what are the TOP FOUR characteristics considered when selecting a component? And since components are the building blocks used when creating an application, selecting the right one is an important choice. Not surprisingly, the most important characteristic for the selection are the features and capabilities provided by the component. After all, if the component doesn’t fulfill your requirements then why use it?

Continue reading...

4 Open Source Components You Need to Update Right Now


May 7, 2014 By
Brian Fox
Component Vulnerability Stats

Heartbleed has put the security community on notice: it is time to take a harder look at the security status of open source components and frameworks. After doing a little industry research on downloads from the (Maven) Central Repository, I’m sitting here with my jaw hanging open. Over 46 million Java-based open source components containing known vulnerabilities were downloaded from the Central Repository in 2013*.

Continue reading...

FinSvcs Working Group (FS-ISAC) Takes on Open Source Components


December 2, 2013 By
Derek Weeks
fs-isac thumbnail

Applications are becoming the primary security threat vector. Since applications are constructed from 3rd party components, there continues to be a tremendous amount of industry effort and impetus behind managing open source components effectively. And now we can add the Financial Services / Information Sharing and Analysis Center (FS-ISAC) to the list.

Continue reading...

Should your devops pipeline consider component intelligence?


October 31, 2013 By
Manfred Moser

In the Nexus Live event John Nagro and Tom McLaughlin from HubSpot detailed how they are using
Nexus as a repository for their development and release components. They
found that they need to be able to quickly create another virtual
machine as part of their build infrastructure to react to changes in
datacenter locations and other parameters.

Continue reading...

Yes, Policies Can Actually Speed Development


By
Derek Weeks

CONTROL, ENFORCEMENT, APPROVALS, POLICIES These concepts run counter to fast, agile, based-development. These words make developers cringe, they are “4 letter words”. Could it be that the problems with these concepts is not what they are trying to accomplish, but how they are implemented? They are intended to ensure that applications developers create are trusted, […]

Continue reading...

Using Your Repository Manager to Optimize Component Usage


September 24, 2013 By
Derek Weeks

We constantly receive inquiries about how organizations can get the most out of their repository manager. We thought it would be good to address this topic in a series of webinars. While preparing for the webinars, we looked at problems that afflicted organizations who aren’t using a repository manager. Developers Waste Time downloading a massive […]

Continue reading...

Policy Hierarchy & Inheritance: Simplified Policy Management


September 13, 2013 By
Derek Weeks

We are pleased to announce the availability of Sonatype 1.6. This release is focused on policy hierarchy and inheritance support and includes a revamped user experience. The development team has also added a number of new quick start guides including one that provides guidance on policy management. Jeff Wayman does a great job of describing […]

Continue reading...

Announcing CLM 1.5: New release simplifies policy management


July 11, 2013 By
Derek Weeks

At its core, Sonatype CLM uses policies to manage component usage. Policies provide automated guidance and enforcement throughout the software lifecycle, allowing for direct, stage-appropriate actions. For example, developers can be warned early in the IDE with little consequence, while applications, ready to be released, can be failed to protect production systems. Since policy actions […]

Continue reading...

See the Great Battle of Security and Speed at the Gartner Security & Risk Management Summit


June 6, 2013 By
Emily Blades

Once upon a time…there was a great battle between Speed and Security. Development wanted to go fast, but security wanted to slow down and be safe. Sound familiar? Modern applications are no longer written entirely from scratch using custom code, they are assembled from open source components using a relatively small amount of custom code […]

Continue reading...