DJ Schleen

DJ is a DevSecOps Advocate

Community Updates: Nancy Has a New Ship, and Found oysteRs

By DJ Schleen on March 16, 2020 Docker

2 minute read time

Nancy checks for vulnerabilities in your Golang dependencies, powered by Sonatype OSS Index and Nexus IQ Server. Another community contribution is oysteR.

Four Common Security Acronyms Explained

By DJ Schleen on March 02, 2020 security

4 minute read time

SAST, DAST, CSA, OSSM, SCA? What do these acronyms mean, what exactly do they do, and why does it matter?

Get the Latest DevSecOps Reference Architecture

By DJ Schleen on February 13, 2020 reference architecture

2 minute read time

Based on community feedback the 2020 DevSecOps Reference Architecture now includes continuous education, mobile delivery, and rearrangement of controls.

Are You a Fool With a Tool?

By DJ Schleen on November 22, 2019 security

3 minute read time

Buckminster Fuller cautioned against prioritizing tools. DevOps should always include discussions of culture, strategy, and process for the best outcomes.

Nancy, on a Boat! (Announcing Nancy for Docker)

By DJ Schleen on October 17, 2019 Docker

2 minute read time

Nancy checks for vulnerabilities in your Golang dependencies, powered by Sonatype OSS Index. docker-nancy wraps the nancy executable in a Docker image.

Security Should Stop Being a Drag

By DJ Schleen on September 06, 2019 deployment

3 minute read time

An application should withstand automated, manual, or user testing. Security vulnerabilities, although extremely important, are in reality non-functional.

Success Requires Reflection on DevSecOps Failures

By DJ Schleen on August 23, 2019 DevOps Culture

4 minute read time

There are so many books on how to succeed, but none about the major challenges and headaches that will ultimately occur when beginning a DevSecOps journey.

A Sort of a Homecoming - Why I Joined Sonatype

By DJ Schleen on August 08, 2019 featured

2 minute read time

The open source and supply chain problem facing the industry is one of the major reasons why I joined Sonatype. I can make an impact evangelizing DevSecOps.

Security Organizations Need to Start Thinking Like Developers

By DJ Schleen on July 30, 2019 security

2 minute read time

Developers must think more securely, and security teams need to learn more development skills. Cross-discipline awareness strengthens software development.