One in Six Developers in Healthcare Report Open Source Breaches | Press Release

Sonatype Blog

Using a Software Bill of Materials (SBOM) is Going Mainstream

Crazy: OWASP A9 is about to turn seven, and the DevSecOps Community Survey shows fewer than half of organizations can produce a Software Bill of Materials.

The Three R’s of Software Supply Chains: Reject, Replace, and Respond

By Curtis Yanko on September 09, 2019 devops best practices
OWASP A9 has been around for over 6 years now. These three R's help enterprise security manage their software supply chains: Reject, Replace, Respond.

Using Webhooks to Integrate Nexus Lifecycle with Red Hat Quay - Part 2

By Curtis Yanko on May 07, 2019 Red Hat
How to add security to your CI/CD pipeline quickly with Nexus Lifecycle, Red Hat Quay, and Twistlock, all without disrupting ongoing development.

Using Webhooks to Integrate Nexus Lifecycle with Red Hat Quay - Part 1

By Curtis Yanko on May 07, 2019 Red Hat
How to use webhooks to integrate Red Hat's Quay into Sonatype's Nexus Lifecycle for DevSecOps and container security in Docker.

The Rise of Dependency Scanners

By Curtis Yanko on November 26, 2018 devsecops
Software composition analysis has seen a spike in growth from developers on GitHub to help with their DevSecOps journey.

Nexus Reference Platform: Kompose, OpenShift and Helm

By Curtis Yanko on August 29, 2018 Docker
Exploring the migration from Docker Compose to Kubernetes, OpenShift, and Helm for the Nexus Reference Platform.

Nexus Reference Platform: Docker Stack and Kubernetes

By Curtis Yanko on August 27, 2018 Docker
Nexus Reference Platform deployed to Kubernetes using Docker Compose.

DevSecOps: The Carrot and the Stick

By Curtis Yanko on June 23, 2018 devsecops
DevOps and DevSecOps success stories from practitioners, along with a cautionary tale of the consequences of doing nothing.

The What and Why of DevSecOps

By Curtis Yanko on June 19, 2018 DevOps Culture
At its heart, DevSecOps is about a culture of learning so that we can become innovative.