
Sonatype Blog

Stay updated on the latest news from the makers of Nexus

Shift Security Practices Left: New Nexus Plugin for Jenkins Pipelines


Many organizations are quickly maturing their CI/CD practices in the hopes of winning the innovation battle. But where do security and governance practices fit in? As organizations embrace DevOps, quality and security cannot become an afterthought. The good news is that many DevOps practitioners agree as evidenced by our recent DevSecOps survey. The data shows that mature DevOps organizations are automating security practices earlier in the development process compared to less mature DevOps organizations.

DevSecOps: A More Deterministic Approach

Is security an inhibitor to DevOps agility?

To answer this question we would need to take a quick look at differences between DevOps, QA and Security when it comes to automation issues.

DevSecOps: Slaying the Myths of Container Security

Containers are clearly appealing for companies and development teams who want to deliver and iterate on their software faster and more efficiently. This is achieved through more consistent, simple and repeatable deployments, rapid rollback, and simpler ways of orchestrating and scaling distributed applications.

DevSecOps: Integrating Automated Security Controls

DevSecOps: Embracing Automation While Letting Go of Tradition

While I am all for traditions like Thanksgiving turkey and Sunday afternoon football, holding onto traditions in your professional life can be career limiting. The awesome thing about careers in technology is that you constantly have to be on your front foot.  Because when you’re not, someone, somewhere, will be and when you meet them, they’ll win.

DevSecOps is Suddenly Strategic for Everyone in Software:  Here's Why

Software innovation is the core of every company's digital transformation; the strategic weapon by which modern organizations compete and win on a global playing field.  This is why executives and shareholders at every company, in every industry, are placing intense pressure upon IT teams to accelerate innovation.  

This insatiable demand for innovation has created a perfect storm which is wreaking havoc on many IT organizations around the world.   To counter the effects of this storm, forward leaning organizations have embraced DevOps as the preferred methodology for manufacturing quality software at scale and continuously delivering innovation.

Organizations everywhere are now transforming their development from waterfall-native to DevOps-native tools and processes.  Along the way, they are coming to grips with one simple fact:  DevOps is not an excuse to do application security poorly; rather it is an opportunity to do application security better than ever.

This realization is the reason why DevSecOps is suddenly strategic for anyone and everyone in software.

How DevOps Killed the Market for Software Composition Analysis

The niche market for Software Composition Analysis (SCA) tools has died.  The culprit: DevOps.

In today's world, developers are king.  Innovation is the throne upon which they sit.  Anything seen as an inhibitor to DevOps agility is the enemy, and therefore, must be terminated.

SCA tools are waterfall-native by design. Thus, it is impossible to integrate SCA security controls into DevOps-native workflows in an automated and scalable way.