Customers using CLM want to surface known security vulnerabilities and license risk in the same place developers or executives already go to assess the overall quality of their application. To support this growing interest from our customers, we are introducing our next important milestone: Sonatype CLM’s integration with SonarQube.
Paul Roberts (@paulfroberts) at InfoWorld recently shared his perspective on “5 big security mistakes coders make”. First on his list was trusting third-party code that can’t be trusted. Paul shares: “If you program for a living, you rarely — if ever — build an app from scratch. It’s much more likely that you’re developing an application from a pastiche of proprietary code that you or your colleagues created, partnered with open source or commercial, third-party software or services that you rely on to perform critical functions.
In our recent open source developer survey we asked, what are the TOP FOUR characteristics considered when selecting a component? And since components are the building blocks used when creating an application, selecting the right one is an important choice. Not surprisingly, the most important characteristic for the selection are the features and capabilities provided by the component. After all, if the component doesn’t fulfill your requirements then why use it?
With the recent release of Nexus 2.8, we’ve updated the online documentation, Repository Management with Nexus (2.8). The most recent addition to the documentation has been the inclusion of a comprehensive search. For a book this size, this is an essential resource for finding what you need. Give it a spin.
In today’s Nexus Live Broadcast, Damon Edwards and his team from SimplifyOps introduced us to RunDeck, open source software that helps automate routine operational procedures in data center or cloud environments. He is seeing Nexus in many of his enterprise environments, so I thought it would be interesting to see an overview the product and […]
Another informative and well-presented RebelLabs survey has hit the streets. Their 2014 Java Tools and Technologies Landscape report was just released and hats off to them for ‘their better than ever response rate’ and their good will for charity donations from each completed survey response. This year’s survey covers more than a dozen different tool/technology segments within the Java industry.
In this segment of the Nexus 2 Minute Challenge, we’re going to look at the Nexus User Token feature. The user token relates to the username and password that is used to connect to Nexus. In this example, there is a Maven .xml file where the username and password is in clear text. This is […]
What happens if you are asked to manage multiple Nexus server instances? How can you tell which instance you are viewing? In this 2 Minute Challenge, we ask Manfred if he can change the header to specify which server instance he is using. Have a look… View the 2 Minute Challenge
What if you don’t want Nexus to serve from the default port. In this 2 Minute Challenge, we ask Manfred Moser if he can demo the change in under 2 minutes. Have a look… View the full video
In this segment of the Nexus 2 Minute Challenge, we asked Manfred Moser to replace the regular release process using the Nexus Staging Suite in less than 2 minutes. View the entire Nexus 2 Minute Challenge