Tag Archives: open source governance

Automated Nexus Reports on Licenses, Security, and More


August 5, 2015 By Derek Weeks

You have been using Nexus repository managers for years, but did you know they offer a free reporting feature that details your component licenses, known security vulnerabilities, versions, age, and adoption rates? Your Nexus repository manager can be the first line of defense against security vulnerabilities and the perfect platform to assess your exposure to open […]


Categories: Uncategorized

The Cost to DevOps: 27 Mufflers


July 16, 2015 By Derek Weeks

Imagine that you are designing the 2016 Range Rover line of sport utility vehicles. Like all gas-powered vehicles, each one needs an exhaust muffler. Range Rover has likely settled on a preferred provider of mufflers. But imagine what would happen if the designers and factory line workers could pick from any one of 27 past versions of that muffler from their preferred provider for the new model year.


Categories: Uncategorized

Real World Experiences: Blackboard


April 21, 2015 By Derek Weeks

As part of a new series we’re calling ‘Real World Experiences’, we’ll be highlighting how Sonatype customers are benefiting from greater development efficiency, higher productivity levels, faster time to market and better quality software, all while being more secure. We kick off the series by covering Blackboard, the world’s leading education technology company.


Categories: Uncategorized

Legal at DevOps Speed


April 7, 2015 By Derek Weeks

Paul is not part of our development team, he doesn’t want to be, and he certainly does not slow them down. But with that said, Paul knows how to work at DevOps speed. He knows legal reviews need to happen at the speed of development on every component, every build, and every release. How much time does Paul spend reviewing open source and third-party software components in the software we are building? Almost none. Yup. That is because we have automated him.


Categories: Uncategorized

Sonatype and Bamboo: Improving Your Builds


March 3, 2015 By Derek Weeks

Sonatype now provides native Atlassian Bamboo support to improve the quality of your build outputs. Sonatype provides instant analysis of open source components used in every Bamboo build and alerts development teams to any quality, license, or security issues identified. By catching the issues during CI builds, development teams can quickly address open source policy violations early and can avoid unplanned rework.


Categories: Uncategorized

42,000 Nexus Repository Managers, and Growing!


November 19, 2014 By Derek Weeks

[Editor’s Note: An update to this article is now available. As of February 2015, active Nexus instances have reached 50,000. For more information, please see the new blog post at: http://blog.sonatype.com/2015/02/nexus-reaches-50000/#.VPTXZEuf96k]

Over the past 15 months, active Nexus instances have grown from 21,000 to 42,000. Wowza. That is news worth sharing, because you made it […]


Categories: Uncategorized

Nigel’s Wake-up Call: Scaling Open Source Governance


November 3, 2014 By Derek Weeks

The Wake-up Call

They had downloaded over 200,000 open source components in the past year. And their open source policy… the one established to protect against license risks and security vulnerabilities? It covered about 3% of them. This is how Nigel Simpson, Director of Architecture at a major media and entertainment company, described his organization’s “huge” […]


Categories: Uncategorized