
Sonatype Blog

Stay updated on the latest news from the makers of Nexus

Internet of Things Cybersecurity Improvement Act of 2017

The United States Senate is making moves to protect consumer interests, data, and privacy with regard to the Internet of Things (IoT). Today, U.S. Senators Mark R. Warner (D-VA) and Cory Gardner (R-CO), co-chairs of the Senate Cybersecurity Caucus, along with Sens. Ron Wyden (D-WA) and Steve Daines (R-MT), introduced bipartisan legislation called the Internet of Things Cybersecurity Improvement Act of 2017.

2017 State of the Software Supply Chain Report

We live in an application economy where software has shifted from being a driver of nominal efficiency gains to an enabler of new customer experiences and markets.

Innovation is king, speed is critical, and open source is center stage. To compete effectively on a global playing field, companies aren’t just writing software — they’re manufacturing it as fast as they can using an infinite supply of open source component parts, machine automation, and supply chain-like processes.

The Trump White House Takes Aim at Cybersecurity

“The executive branch has for too long accepted antiquated and difficult-to-defend IT,” declared President Donald Trump in a new Executive Order released on Thursday, May 11th, 2017.

The Magnitude of Risk and Importance of a Plan

Over the past few years, we have witnessed mega-breaches that have impacted IT systems across our financial services industry, healthcare sector, and government. The vast majority of these breaches take advantage of weaknesses in software applications, according to the current and recent editions of the Verizon Data Breach and Investigations report. The White House believes it is imperative that the United States modernize its IT infrastructure in order to better defend it.

They Sent 300 Employees to a DevOps Conference

Last year, I was able to attend 18 DevOps conferences. I saw some awesome presentations, met incredible people, and expanded my knowledge of the latest practices. While my role as the DevOps Advocate for Sonatype enables me to get out to all of these conferences, not everyone has the time, the budget, or the approval to get to even one event a year.

Shift Security Practices Left: New Nexus Plugin for Jenkins Pipelines

Many organizations are quickly maturing their CI/CD practices in the hopes of winning the innovation battle. But where do security and governance practices fit in? As organizations embrace DevOps, quality and security cannot become an afterthought. The good news is that many DevOps practitioners agree, as evidenced by our recent DevSecOps survey. The data shows that mature DevOps organizations are automating security practices earlier in the development process compared to less mature DevOps organizations.

DevSecOps: A More Deterministic Approach

Is security an inhibitor to DevOps agility?

To answer this question, we need to take a quick look at the differences between DevOps, QA and Security when it comes to automation issues.

DevSecOps: Slaying the Myths of Container Security

Containers are clearly appealing for companies and development teams who want to deliver and iterate on their software faster and more efficiently. This is achieved through more consistent, simple and repeatable deployments, rapid rollback, and simpler ways of orchestrating and scaling distributed applications.