<iframe src="//www.googletagmanager.com/ns.html?id=GTM-TT8R4P" height="0" width="0" style="display:none;visibility:hidden">

Sonatype Blog

Stay updated on the latest news from the makers of Nexus

The Trump White House Takes Aim at Cybersecurity

“The executive branch has for too long accepted antiquated and difficult–to-defend IT”, declared President Donald Trump in a new Executive Order released on Thursday, May 11th, 2017.

The Magnitude of Risk and Importance of a Plan

Over the past few years, we have witnessed mega-breaches that have impacted IT systems across our financial services industry, healthcare sector, and government.  The vast majority of these breaches take advantage of weaknesses in software applications, according to the current and recent years of the Verizon Data Breach and Investigations report.  The White House believes it is imperative that the United States modernize its IT infrastructure in order to better defend it.  

They Sent 300 Employees to a DevOps Conference

Last year, I was able to attend 18 DevOps conferences. I saw some awesome presentations, met incredible people, and expanded my knowledge of the latest practices. While my role as the DevOps Advocate for Sonatype enables me to get out to all of these conferences, not everyone has the time, the budget, or the approval to get to even one event a year.

Shift Security Practices Left: New Nexus Plugin for Jenkins Pipelines

Shift Security Practices Left: New Nexus Plugin for Jenkins Pipelines

Many organizations are quickly maturing their CI/CD practices in the hopes of winning the innovation battle. But where do security and governance practices fit in? As organizations embrace DevOps, quality and security cannot become an afterthought. The good news is that many DevOps practitioners agree as evidenced by our recent DevSecOps survey. The data shows that mature DevOps organizations are automating security practices earlier in the development process compared to less mature DevOps organizations.

DevSecOps: A More Deterministic Approach

Is security an inhibitor to DevOps agility?

To answer this question we would need to take a quick look at differences between DevOps, QA and Security when it comes to automation issues.

DevSecOps: Slaying the Myths of Container Security

Containers are clearly appealing for companies and development teams who want to deliver and iterate on their software faster and efficiently. This is achieved through more consistent, simple and repeatable deployments, rapid rollback, and simpler ways of orchestrating and scaling distributed applications.

DevSecOps: Integrating Automated Security Controls

DevSecOps: Embracing Automation While Letting Go of Tradition

While I am all for traditions like Thanksgiving turkey and Sunday afternoon football, holding onto traditions in your professional life can be career limiting. The awesome thing about careers in technology is that you constantly have to be on your front foot.  Because when you’re not, someone, somewhere, will be and when you meet them, they’ll win.