Sonatype Introduces Next Generation Dependency Management | Press Release


LEGO, Death Stars, and Millennium Falcons, Oh My

January 18, 2017 By Jeffrey Wayman

Summary: Sonatype now offers a new revolutionary way to instantly give your teams access to vulnerability, license, and quality related data for the components they are consuming.

The LEGO Death Star has about 1/10th of the parts of a Toyota; 3,803 to be exact. If you’ve ever assembled the LEGO Death Star, or anything LEGO-related, you know that having the right parts is critical.

Even more impressive is what the group over at Titans Creations did. This group of LEGO fans (known as My Own Creation[ers]) built a scale model (minifigure scale) of the Millennium Falcon. Coming in at around 10,000 parts, it’s one of the more impressive, if not the most impressive, custom models to date.

As impressive as this is, it stands in the shadow of the world’s largest LEGO model. That feat, managed by LEGO themselves, took the form of a scale model of Luke Skywalker’s X-Wing. It came in at well over 5.3 million individual pieces. To put that in perspective, that’s 177 fully-assembled Toyota cars, or about 73 floors if we stacked those cars one on top of the other.

Needless to say, whether you’re assembling your best attempt at a simple, square house (my own design, 57 pieces in total) or the 46,000-pound X-Wing, you need high quality parts. In any of these situations, even a single part can introduce risk into your creation, such as bringing the whole thing crumbling down or, at a minimum, forcing a lot of rebuilding from scratch. In my case, not such a big deal; in the case of months of work, it’s a travesty.


Accepting Risk

Unfortunately, many of us take this risk every day. Sure, most of us just dabble in LEGOs on the side. However, our day jobs consist of building high quality software products in a very similar way.

The components and applications we create are used across the world, and often depend on a wide array of other components and applications. In some cases, like cars, lives depend on these creations. In others, it’s more a representation of effort and time, a labor of love, like building a scale model of an X-Wing.

In either case we put a great deal of trust in the parts we use. However, there has not been a quick and easy way to see if those parts could cause failure in our final product. Internet searches and keeping our eyes glued to the “hot sheets” can keep us abreast of the latest risk, but that’s not scalable, and it certainly isn’t enjoyable. We’re creators, not research analysts (no offense, I appreciate the job you do).

Regardless of the case, or of how much enjoyment is found in endless research, no one wants to put anything less than the best quality into their creations. Worse than that, in most cases projects can’t afford the time to research each and every component we want to use. That is, until now.

A Better Way to Create

Sonatype’s Nexus Firewall offers a revolutionary way to instantly give your teams access to vulnerability, license, and quality related data for the components they are consuming. In a way, it’s like being able to instantly know which of those parts in the Toyota will make it unsafe, which outdated parts have been retired from use, or which piece of that X-Wing will bring the whole model down. As we’ve coined it, it’s a Firewall that stands vigilant against parts that threaten the success of your creations.

Nexus Firewall protects your entire warehouse of parts, that is, your repositories, where creation begins. In most cases this is done in just a few seconds, and in the most extreme cases in a couple of minutes.

Nexus Firewall is not only a simple and easy way to identify the things that expose you to risk, it’s also a fully customizable system that allows you to specify exactly which parts you want to use, and to ensure the final product, your production application, is free from known vulnerabilities, license risks, or outdated component versions. In a way, it’s like being able to guide a team to create a completely red-brick version of that X-Wing, ensuring it’s free from vulnerabilities and IP risk, uses the best quality parts, and is monitored for any new risks that may be identified.

Ready To Take Off

We invite you to see Nexus Firewall in action. You can then learn more about Nexus Firewall through the recent video post “Step-by-Step: Block and Quarantine Vulnerable Open Source Components and Artifacts with Nexus Firewall” in our community, TheNexus.

Then, we encourage you to try Nexus Firewall today and let your teams breathe a bit easier about the pieces used in their creations, which in turn gives your organization the peace of mind you desire in your software supply chain.

Tags: legos, Software Supply Chain, Nexus Firewall, Nexus Repository, Open Source, Application Security, open source risk, Devops

Written by Jeffrey Wayman

Jeff is a Customer Education team leader at Sonatype. He helps turn customers into kick ass users every day - see what his team is up to at my.sonatype.com.