Curtis Yanko

Curtis Yanko is a Sr Principal Architect at Sonatype and a DevOps coach/evangelist. Prior to coming to Sonatype, Curtis started the DevOps Center of Enablement at a Fortune 100 insurance company and chaired an Open Source Governance Committee. When he isn’t working with customers and partners on how to build security and governance into modern CI/CD pipelines, he can be found raising service dogs or out playing ultimate frisbee during his lunch hour. Curtis is currently working on building strategic technical partnerships to help solve for the rugged DevOps toolchain.

Using a software bill of materials (SBOM) is going mainstream

3 minute read time

Crazy: OWASP A9 is about to turn seven, and the DevSecOps Community Survey shows fewer than half of organizations can produce a Software Bill of Materials.

The Three R’s of Software Supply Chains: Reject, Replace, and Respond

By Curtis Yanko on September 09, 2019 devops best practices

7 minute read time

OWASP A9 has been around for over 6 years now. These three R's help enterprise security manage their software supply chains: Reject, Replace, Respond.

Using Webhooks to Integrate Nexus Lifecycle with Red Hat Quay - Part 2

By Curtis Yanko on May 07, 2019 Red Hat

3 minute read time

How to add security to your CI/CD pipeline quickly with Nexus Lifecycle, Red Hat Quay, and Twistlock, all without disrupting ongoing development.

Using Webhooks to Integrate Nexus Lifecycle with Red Hat Quay - Part 1

By Curtis Yanko on May 07, 2019 Red Hat

3 minute read time

How to use Webhooks to integrate Red Hat's Quay into Sonatype's Nexus Lifecycle for DevSecOps and container security in Docker.

The Rise of Dependency Scanners

By Curtis Yanko on November 26, 2018 devsecops

2 minute read time

Software composition analysis has seen a spike in growth from developers on GitHub to help with their DevSecOps journey.

Nexus Reference Platform: Kompose, OpenShift and Helm

By Curtis Yanko on August 29, 2018 Docker

3 minute read time

Exploring the migration from Docker Compose to Kubernetes, OpenShift, and Helm for the Nexus Reference Platform.

Nexus Reference Platform: Docker Stack and Kubernetes

By Curtis Yanko on August 27, 2018 Docker

3 minute read time

Nexus Reference Platform deployed to Kubernetes using Docker Compose.

DevSecOps: The Carrot and the Stick

By Curtis Yanko on June 23, 2018 devsecops

4 minute read time

DevOps and DevSecOps success stories from practitioners along with a cautionary tale of the consequences of doing nothing.

DevSecOps In The Age Of Containers

By Curtis Yanko on March 30, 2018 Software Supply Chain

3 minute read time

Containers and automated tools create new opportunities for software supply chains and open source governance as well as system security.