Tag Archives: open source components

How a Software Bill of Materials Uncovers Known Vulnerabilities


April 30, 2015 By
Derek Weeks
time 3

In two minutes, we can show you a full software bill of materials for your application.  We can also identify any known vulnerabilities in the open source and third-party components within your Java application.  Oh, and by the way, it’s free. That’s right, at Sonatype, we could not be more in favor of the code […]


Sonatype and Bamboo: Improving Your Builds


March 3, 2015 By
Derek Weeks
Bamboo

Sonatype now provides native Atlassian Bamboo support to improve the quality of your build outputs. Sonatype provides instant analysis of open source components used in every Bamboo build and alerts development teams to any quality, license, or security issues identified. By catching the issues during CI builds, development teams can quickly address open source policy violations early and can avoid unplanned rework.


Evaluating OSS logistics solutions? Consider these 9 tips.


February 24, 2015 By
Derek Weeks
8_tips_evaluating_OSS_logistics

With well over 17 billion open source components downloaded from public repositories in 2014, it is clear that more software development organizations are assembling software from component building blocks. In fact, Gartner reports that by 2016 the vast majority of mainstream IT organizations will leverage open source software (OSS) components in mission-critical IT solutions. This massive reliance on open source components has created new challenges for managing the speed, cost, and risks of continuous delivery in today’s software development efforts.


The Software Supply Chain Piques Interest


February 9, 2015 By
Derek Weeks
supply chain management

As we looked back at what our readers found most intriguing in the past year, we found one central theme: managing their software supply chain. Our readers wanted to know how, in a continuous world where speed and quality often compete, they can develop software faster while becoming more profitable, ensuring quality, and managing risk.


[Part 3] Code, Cars, and Congress: A Time for Cyber Supply Chain Management


December 16, 2014 By
Wayne Jackson
royce

On December 4th, 2014, U.S. Congressional Representatives Ed Royce (R-CA) and Lynn Jenkins (R-KS) introduced H.R. 5793, the “Cyber Supply Chain Management and Transparency Act of 2014.” The legislation will ensure all contractors of software, firmware or products to the federal government provide the procuring agency with a bill of materials of all third […]


[Part 2] Code, Cars, and Congress: A Time for Cyber Supply Chain Management


December 8, 2014 By
Wayne Jackson
code2

On December 4th, 2014, U.S. Congressional Representatives Ed Royce (R-CA) and Lynn Jenkins (R-KS) introduced H.R. 5793, the “Cyber Supply Chain Management and Transparency Act of 2014.” The legislation will ensure all contractors of software, firmware or products to the federal government provide the procuring agency with a bill of materials of all third party and open source components […]


Code, Cars, and Congress: A Time for Cyber Supply Chain Management


December 5, 2014 By
Wayne Jackson
Cyber Supply Chain Management and Transparency Act of 2014

On December 4th, 2014, U.S. Congressional Representatives Ed Royce (R-CA) and Lynn Jenkins (R-KS) introduced H.R. 5793, the “Cyber Supply Chain Management and Transparency Act of 2014.” The legislation will ensure all contractors of software, firmware or products to the federal government provide the procuring agency with a bill of materials of all third party […]


Talking Turkey in Texas: Open Source Governance Lags


November 25, 2014 By
Derek Weeks
tt

Deep in the heart of Texas, I was leading a panel discussion at the Lone Star Application Security Conference (LASCON) a few weeks ago. The panel was “talking turkey” about the importance of application security and open source software development, when the conversation led to a discussion about software supply chains. One of the panelists remarked […]


42,000 Nexus Repository Managers, and Growing!


November 19, 2014 By
Derek Weeks
Nexus Artifactory Archiva

[Editor's Note: An update to this article is now available. As of February 2015, active Nexus instances have reached 50,000. For more information, please see the new blog post at: http://blog.sonatype.com/2015/02/nexus-reaches-50000/#.VPTXZEuf96k] Over the past 15 months, active Nexus instances have grown from 21,000 to 42,000. Wowza. That is news worth sharing, because you made it […]


CIO.com: Helping Developers Reduce Open Source Risk


November 17, 2014 By
Derek Weeks
CIO-dot-com-logo

Last week, CIO.com shared a story of an inflection point in application security. Lucian Constantin discussed how there needs to be a shift from manual open source risk analysis to more automated approaches. His article stated, “The notion of using manual audits, manual approvals and traditional governance to deal with that level of [open source […]
