Tag Archives: open source

Legos, Death Stars, and Millennium Falcons, Oh My


February 2, 2016 By
Jeff Wayman

The Lego Death Star has about 1/10th of the parts of a Toyota; 3803 to be exact. If you’ve ever assembled the Lego Death Star, or anything lego related, you know having the right parts is critical. Even more impressive is what the group over at Titans Creations did. This group of Lego fans (known as My Own Creation[ers]) built a scale model (mini-figure scale) of the Millennium Falcon. Coming in at around 10,000 parts it’s one of the more, if not most impressive custom models to date.

Continue reading...

Rugged DevOps: Survival is Not Mandatory


January 25, 2016 By
Derek Weeks
Rugged Devops

Deming, the patron saint of DevOps once advised, “It is not necessary to change. Survival is not mandatory.” To survive, application development teams are constantly pressured to deliver software even faster. But fast is not enough. The best organizations realize that security, quality and integrity at velocity are mandatory for survival. Hence, DevOpsSec

Continue reading...

Did you wake up to an alert about the Java Deserialization vulnerability?


November 13, 2015 By
Brian Fox
Java-Deserialization-01

This week I woke up to find several emails from Nexus Lifecycle indicating that the products in my portfolio were potentially vulnerable due to their inclusion of Apache commons-collection. If you have no idea what I’m talking about, stop now and go read this factual and un-sensationalized account of the situation. I’ll wait.

Continue reading...

Better and Fewer Suppliers (2015 Software Supply Chain Report)


June 17, 2015 By
Derek Weeks
Screen Shot 2015-07-29 at 2.56.10 PM

Today I want to focus on the huge ecosystem of open source projects (“suppliers”) that feed a steady stream of innovative components into our software supply chains. In the Java ecosystem alone, there are now over 108,000 suppliers of open source components. Across all component types available to developers (e.g., RubyGems, NuGet, npm, Bower, PyPI, etc.), estimates now reach over 650,000 suppliers of open source projects.

Continue reading...

How a Software Bill of Materials Uncovers Known Vulnerabilities


April 30, 2015 By
Derek Weeks
iStock_000001171649Small

In two minutes, we can show you a full software bill of materials for your application.  We can also identify any known vulnerabilities in the open source and third-party components within your Java application.  Oh, and by the way, it’s free. That’s right, at Sonatype, we could not be more in favor of the code […]

Continue reading...

Nexus 3: New Milestone Release


February 12, 2015 By
Jeff Wayman
Nexus_Milestone

There are those of us that like to stay on the cutting edge of technology, fiddling with the latest and greatest, even if it means the experience might be a little rough around the edges. Yes, that might mean suffering through a bunch of issues despite a warning not to install Mavericks on our main […]

Continue reading...

Rubyists Rejoice – Nexus Supports RubyGem Repositories


December 2, 2014 By
Brian Fox
Very high resolution 3d rendering of a ruby isolated over white.

We have done it again! Our Nexus development team has been busy this fall.  With Nexus 2.9 in September, we introduced NuGet support for Nexus Open Source.  In October Nexus 2.10 introduced npm support for all Nexus editions.  And now with Nexus 2.11, we are adding Ruby Gem Repository support! We are happy to announce […]

Continue reading...

How Big is a Billion? Open Source Growth Skyrockets


November 10, 2014 By
Derek Weeks
iStock_000021230321Small

How Big is a Billion? We all remember 1997’s Austin Powers movie with Dr. Evil trying to express a really big number: Dr. Evil: Mr. President, after I destroy Washington D.C… I will destroy another major city every hour on the hour. That is, unless, of course, you pay me… one hundred billion dollars. The […]

Continue reading...

Nigel’s Wake-up Call: Scaling Open Source Governance


November 3, 2014 By
Derek Weeks
Portrait of a surprised young man wearing eyeglasses

The Wake-up Call They had downloaded over 200,000 open source components in the past year.  And their open source policy…the one established to protect against license risks and security vulnerabilities?  It covered about 3% of them. This is how Nigel Simpson, Director of Architecture at a major media and entertainment company, described his organization’s “huge” […]

Continue reading...