DevSecOps with Speed and Control | Sonatype Blog

How a Software Bill of Materials Uncovers Known Vulnerabilities

by Derek Weeks, on April 30, 2015

Tags: Cyber Supply Chain Management and Transparency Act, H.R. 5793, Lynn Jenkins (R-KS), government open source software (GOSS), Software Supply Chain, bill of materials, application healthcheck, open source governance, open source components, open source governance policy, Ed Royce (R-CA), Cyber Chain Integrity Act, application supply chain management, open source software supply chain, Open Source, Cyber Supply Chain, Application Security, bill of materials (of 3rd party and open source co, clm, cyber supply chain management, Software supply chain management

[Part 3] Code, Cars, and Congress: A Time for Cyber Supply Chain Management

by Wayne Jackson, on December 16, 2014

Tags: Cyber Supply Chain Management and Transparency Act, H.R. 5793, Lynn Jenkins (R-KS), government open source software (GOSS), Sonatype Says, open source components, Ed Royce (R-CA), Cyber Chain Integrity Act, application supply chain management, Everything Open Source, Wayne Jackson, open source application scan, open source software supply chain, Cyber Supply Chain, bill of materials (of 3rd party and open source co, cyber supply chain management, Software supply chain management, AppSec Spotlight

[Part 2] Code, Cars, and Congress: A Time for Cyber Supply Chain Management

by Wayne Jackson, on December 08, 2014

Code, Cars, and Congress: A Time for Cyber Supply Chain Management

by Wayne Jackson, on December 05, 2014

42,000 Nexus Repository Managers, and Growing!

by Derek Weeks, on November 19, 2014

Tags: Cyber Supply Chain Management and Transparency Act, Component Lifecycle Management, Sonatype Nexus, artifactory, H.R. 5793, OSS logistics, government open source software (GOSS), Nexus vs. Artifactory, Nexus Repo Reel, Sonatype Says, software bill of materials, open source management, open source governance, open source policy, open source components, open source security, Cyber Chain Integrity Act, application supply chain management, Everything Open Source, repository manager market share, Archiva, open source software supply chain, Cyber Supply Chain, Maven, open source risk, bill of materials (of 3rd party and open source co, cyber supply chain management, repository management, Software supply chain management, Nexus vs. Archiva, central repository

How Big is a Billion? Open Source Growth Skyrockets

by Derek Weeks, on November 10, 2014

Tags: Cyber Supply Chain Management and Transparency Act, H.R. 5793, repository health check, government open source software (GOSS), Sonatype Says, Nexus OSS, Nexus, open source components, Nuget, Cyber Chain Integrity Act, npm, application supply chain management, open source nexus, The Central Repository, RubyGems, open source software supply chain, Open Source, Cyber Supply Chain, Maven, bill of materials (of 3rd party and open source co, java, cyber supply chain management, Software supply chain management, application health

Nigel’s Wake-up Call: Scaling Open Source Governance

by Derek Weeks, on November 03, 2014

Tags: Cyber Supply Chain Management and Transparency Act, oss, H.R. 5793, governance, government open source software (GOSS), Sonatype Says, SDLC, component vulnerability, open source governance, Nexus, open source components, open source governance policy, Cyber Chain Integrity Act, application supply chain management, Everything Open Source, open source software supply chain, Open Source, Cyber Supply Chain, Application Security, bill of materials (of 3rd party and open source co, clm, cyber supply chain management, Software supply chain management, AppSec Spotlight, appdev

ALL POSTS NEXT PAGE

Search With Google

Posts by Topic

Sonatype Says (616)
Nexus Repo Reel (539)
Everything Open Source (389)
AppSec Spotlight (388)
Maven (251)
security (156)
Sonatype (146)
Application Security (116)
News (108)
component vulnerabilities (107)
Open Source (106)
Devops (76)
Software Supply Chain (62)
Hudson (58)
Nexus (53)
Nexus Repository (52)
devsecops (51)
webinar (47)
Book (46)
m2eclipse (41)
nexus pro (40)
open source components (39)
Software supply chain management (37)
eclipse (37)
Central (36)
Cyber Supply Chain Management and Transparency Act (34)
cyber supply chain management (34)
government open source software (GOSS) (34)
H.R. 5793 (33)
application supply chain management (33)
Docker (32)
open source governance (32)
Continuous Delivery (30)
clm (30)
bill of materials (of 3rd party and open source co (29)
nexus professional (28)
open source software supply chain (28)
Cyber Chain Integrity Act (27)
Cyber Supply Chain (27)
repository (27)
Community (26)
repository manager (25)
java (24)
Nexus Lifecycle (20)
continuous integration (19)
Sonatype webinar (18)
repository management (18)
Component Lifecycle Management (17)
How-To (17)
Wayne Jackson (17)
jenkins (17)
Maven Studio for Eclipse (16)
Insight (15)
Nexus OSS (15)
Tycho (15)
open source governance policy (15)
Nexus 3 (14)
josh corman (14)
video (14)
Jason van Zyl (13)
OWASP (13)
best practice (13)
Apache Struts2 (12)
AppSec (12)
bill of materials (12)
plugins (12)
Ed Royce (R-CA) (11)
Lynn Jenkins (R-KS) (11)
Training (11)
open source policy (11)
Apache Maven (10)
DemoCamp (10)
DevOpsSec (10)
Nexus Firewall (10)
Nexus vs. Artifactory (10)
OSGi (10)
containers (10)
devops (10)
events (10)
github (10)
Developer Onboarding (9)
Maven 3 (9)
OSS governance (9)
Sonatype Professional (9)
Sonatype training (9)
osstop10 (9)
plugin (9)
Nexus Repository 3 (8)
Nuget (8)
Rugged DevOps (8)
Struts (8)
ant (8)
equifax (8)
software bill of materials (8)
Chef (7)
Compliance (7)
EclipseCon (7)
Mercury (7)
Private Docker Registry (7)
Red Hat (7)
artifactory (7)
atlassian (7)
documentation (7)
m2e (7)
maven 3.0 (7)
npm (7)
pom (7)
release (7)
security strategy (7)
survey (7)
#OSSsecurity (6)
DevOps Culture (6)
Nexus Live (6)
Sonatype books (6)
apache (6)
application development (6)
open source development (6)
open source management (6)
open source survey (6)
policy automation (6)
search (6)
.net (5)
Gradle (5)
IBM (5)
Known Vulnerabilities (5)
Nexus IQ (5)
Nexus Repository OSS (5)
RubyGems (5)
Scala (5)
Software composition analysis (5)
SonarQube (5)
gene kim (5)
google (5)
open source application scan (5)
open source goveranance (5)
open source security (5)
oss (5)
puppet (5)
quality (5)
rest (5)
staging (5)
testing (5)
yum (5)
Aether (4)
Agile (4)
DevOps tool chain (4)
DevSecOps, Containers, Docker (4)
DevSecOps, DevOps, Application Security (4)
EclipseCon 2011 (4)
GIT (4)
Gartner (4)
JIRA (4)
JavaOne (4)
MVN-101 (4)
Nexus Office Hours (4)
PCI (4)
Product Release (4)
Professional (4)
RSA Conference (4)
Sonatype Insight (4)
Sonatype Newsletter (4)
Sonatype Nexus (4)
The Central Repository (4)
agile development (4)
artifact repository (4)
bouncy castle (4)
build promotion (4)
builds (4)
components (4)
developer (4)
flexmojos (4)
guice (4)
newsletter (4)
nexus open source (4)
open source software (4)
open source vulnerability (4)
operations (4)
policy enforcement (4)
polyglot (4)
repository health check (4)
security-summary (4)
struts2 (4)
technical (4)
3rd party software (3)
Archiva (3)
Automated Security (3)
CISO (3)
CloudBees (3)
Continuous Deliver (3)
Cybersecurity (3)
DevOps in the Cloud (3)
DevOpsDays (3)
DevSecOps in Government (3)
Devoteam (3)
Guelph (3)
HP Fortify (3)
Hudson Integration (3)
Insight for CI (3)
Java.net (3)
Javascript (3)
Jetty (3)
Kubernetes (3)
Maven training (3)
Nexus new release (3)
Nexus vs. Archiva (3)
OSS security (3)
Polyglot Maven (3)
REST API (3)
RIM (3)
SDLC (3)
Software Supply Chains (3)
Sonar (3)
Sonatype vs. Black Duck (3)
Struts2 vulnerability (3)
Tutorial (3)
all day devops (3)
android (3)
best practices (3)
central repository (3)
crowd (3)
developers (3)
development (3)
development survey (3)
devops automation (3)
gdpr (3)
governance (3)
gpl (3)
groovy (3)
heartbleed (3)
ivy (3)
javadoc (3)
jboss (3)
ldap (3)
maven shell (3)
nexus 1.6 (3)
nexus repository manager (3)
open source policies (3)
p2 (3)
peaberry (3)
reference architecture (3)
rpm (3)
rundeck (3)
scripting (3)
software security (3)
spring (3)
supply chain management (3)
support (3)
thenexus (3)
vulnerability disclosure (3)
2 minutes (2)
2014 survey (2)
2015 (2)
A9 (2)
Ansible (2)
AppSecUSA (2)
Application Vulnerabilities (2)
Bamboo (2)
Black Duck (2)
Black Hat (2)
Bower (2)
CVE (2)
Cisco (2)
Community Spotlight (2)
Component Manager (2)
DAST (2)
DZone (2)
Dashboard (2)
Docker Swarm (2)
Enterprise DevOps (2)
FS-ISAC (2)
FS-ISAC controls (2)
Gary McGraw (2)
HA (2)
HackNYC (2)
Helios (2)
High Availability (2)
IDE integration (2)
IoT (2)
IoT Cybersecurity Improvement Act of 2017 (2)
JAX 2010 (2)
JavaZone (2)
Jez Humble (2)
MSE (2)
Mark Driver (2)
Matthew McCullough (2)
Maven 101 (2)
Maven 201 (2)
Maven Mechanics (2)
Maven Release plugin (2)
Medical Device Security (2)
NMaven (2)
NXRM (2)
Nexus Platform (2)
Nexus Pro CLM Edition (2)
OSS logistics (2)
OpenShift (2)
Policies (2)
Puppet Labs (2)
PyPI (2)
Release Management (2)
Research in Motion (2)
SAST (2)
SSL (2)
SSL Connectivity (2)
SVN (2)
Software Liability (2)
Tomcat (2)
Toolapalooza (2)
analyst report (2)
api (2)
appengine (2)
application health check (2)
archives (2)
artifacts (2)
audio (2)
automation (2)
books (2)
brian (2)
central maven repository (2)
challenge (2)
chariot solutions (2)
cloud (2)
compliance as code (2)
component vulnerability (2)
configuration (2)
continuous deployment (2)
cultural transformation (2)
customers (2)
dependencies (2)
devops tools (2)
docker security (2)
editor (2)
enterprise (2)
epub (2)
failsafe (2)
flex (2)
german (2)
httpclient (2)
indexer (2)
information security (2)
interview (2)
junit (2)
known vulnerability (2)
license risk (2)
license risks (2)
licensing (2)
management (2)
microservices (2)
national vulnerability database (2)
nexus 2 minute challenge (2)
nexus IQ server (2)
nexus oss (2)
open source hygiene (2)
open source review boards (2)
open source risk (2)
open source risk management (2)
open source risks (2)
owasp top 10 (2)
password (2)
pax (2)
performance (2)
plexus (2)
podcast (2)
remote code execution (2)
respository managers (2)
rsac 2018 (2)
ruby (2)
security breach (2)
security vulnerabilities (2)
settings (2)
shift left (2)
smart proxy (2)
snapshot (2)
software supply chain automation (2)
software supply chain governance (2)
software supply chain hygiene (2)
source (2)
struts breach (2)
summit (2)
surefire (2)
tips (2)
trusted software alliance (2)
verizon data breach report (2)
visual studio (2)
vulnerabilities (2)
vulnerability (2)
vulnerable components (2)
windows (2)
women in devops (2)
xml (2)
(ISC)2 (1)
2017 (1)
2017 All Day DevOps (1)
451 Research (1)
API tooling (1)
Advanced Binary Matching (1)
AnDevCon II (1)
Apache httpd (1)
Apple (1)
Application Delivery Toolchain (1)
Application Insight (1)
Archiva vs. Nexus (1)
Artifactory vs. Nexus (1)
Automated Policies (1)
BOSS index (1)
Banking (1)
Black Duck Software (1)
Black Duck vs. Sonatype (1)
BoF (1)
Brian Fox (1)
CLM dashboard (1)
CSO (1)
Checksum (1)
Cigital (1)
Cleanup (1)
Component Management (1)
Container Security (1)
Contegix (1)
Continuous Advantage (1)
Crosskey (1)
Cyberliability (1)
DecSecOps (1)
Department of Defense (1)
DevOps Dozen (1)
DevOps Express (1)
DevOps transformation (1)
DevOps.com (1)
Development strategy (1)
Devnexus 2010 (1)
Eclipse Day (1)
Eclipse Foundation (1)
Eclipse Indigo (1)
Eclipse Summit Europe (1)
Emerging Technologies (1)
Enterprise Repository Management (1)
Enterprse (1)
Extended Coverage (1)
FDA (1)
Failover (1)
FannieMae (1)
Forrester (1)
Fortify (1)
GSA (1)
GetChef (1)
GetSatisfaction.com (1)
Git LFS (1)
Golden Repository (1)
Google Container Registry (1)
GovReady (1)
Guest (1)
HP Partnership (1)
HTTPS/SSL (1)
Harry Weller (1)
Hudson Professional (1)
IT Supply Chain (1)
Imperva (1)
InfoSec (1)
Information Security Study (1)
Innovators (1)
IntelliJ IDEA, (1)
Intuit (1)
JAX (1)
JAXenter (1)
JRuby (1)
JaCoCo (1)
Java9 (1)
JenkinsCI (1)
Linux (1)
MVN 201 (1)
Matrix (1)
Matrix Professional (1)
Maven Enforcer plugin (1)
Maven Jetty plugin (1)
Maven best practices (1)
Maven by Example (1)
Maven meetup (1)
Mesosphere (1)
Microsoft (1)
NEA (1)
NPM support (1)
NSA (1)
Nexus 1.9 (1)
Nexus 2.1 (1)
Nexus 2.3 (1)
Nexus 2.7 (1)
Nexus 3.0 (1)
Nexus Best Practices (1)
Nexus CLM (1)
Nexus Jenkins Plugin (1)
Nexus Milestone (1)
Nexus REST API (1)
Nexus Repository Pro (1)
Nexus UX Design (1)
Nexus artifacts (1)
Nexus solutions (1)
Nexus vs BlackDuck (1)
Nexus vs Whitesource (1)
Nexus vs. Artifactory 2015 (1)
OSGi Alliance (1)
OSS compliance (1)
OSS projects (1)
OSSRH (1)
OSVDB (1)
OneOps (1)
Open Shift (1)
OpenChain (1)
OpenEJB (1)
Oracle (1)
Paris (1)
Philadelphia (1)
Procurement (1)
Product Strategy (1)
RCP applications (1)
Rebellabs (1)
Reporting (1)
Repository Health Check Software Bill of Materials (1)
Roller (1)
Ruby Gems language (1)
Ruby binary support (1)
Ruby on Rails (1)
SANS (1)
Selenium (1)
Software Development Infrastructure (1)
Sonatype Development Insight for Eclipse (1)
Sonatype Suite (1)
Sonatype vs BlackDuck (1)
Sonatype vs Whitesource (1)
Sonatype webinars (1)
State of the Software Supply Chain (1)
Sucess Metrics, DevSecOps, Dashboard (1)
Supply Chain Intelligence (1)
Teamwork (1)
The Q&A Corner (1)
ThreadFix (1)
Twistlock (1)
Twitter (1)
VictorOps (1)
Vor Security (1)
WalMart (1)
XebiaLabs (1)
Xstream (1)
YouTube (1)
Yum Hosted (1)
advanced maven (1)
air (1)
analytics (1)
announcement (1)
apache software foundation (1)
appdev (1)
application health (1)
application healthcheck (1)
archetypes (1)
artifactId (1)
asf (1)
audio. interview (1)
awards (1)
aws (1)
backup (1)
backups (1)
bash (1)
bechtolsheim (1)
benchmarks (1)
binary repository (1)
bitbucket (1)
blackboard (1)
blackhat (1)
board of directors, (1)
book review (1)
bookmarking (1)
branding (1)
build (1)
build managers (1)
business (1)
byldan (1)
capture the flag (1)
ceo (1)
checkstyle (1)
cheeseburger risk (1)
ci (1)
clean code (1)
clojure (1)
code (1)
code scanning (1)
codehaus (1)
codes (1)
component characteristics (1)
component development (1)
component governance (1)
component licensing (1)
component policies (1)
conference (1)
confluence (1)
congress (1)
continuous (1)
continuous development (1)
crypto-mining (1)
css (1)
damon edwards (1)
darkReading (1)
data breaches (1)
data privacy (1)
data protection (1)
data security (1)
default (1)
deming (1)
department of homeland security (1)
dependency injection (1)
deployment (1)
deserialization (1)
detection (1)
developer centric (1)
development infrastructure (1)
development tool chain (1)
deveops (1)
devop days (1)
devops best practices (1)
devops connect (1)
devops sec (1)
devosp (1)
devsecops day (1)
dhs (1)
discovery (1)
dotnet (1)
download (1)
droid (1)
eclipse magazine (1)
eclipse plugin (1)
eclipseCon 2010 (1)
emma (1)
encryption (1)
enforcer plugin (1)
engineering (1)
engineers (1)
enteprise (1)
enunciate (1)
esxi (1)
feedback (1)
g2one (1)
game show (1)
giants (1)
government (1)
grad (1)
grafeas (1)
grails (1)
gwt (1)
hackers (1)
header (1)
heartbleed bug (1)
help (1)
hipchat (1)
hippo (1)
history (1)
hosted repositories (1)
how to video (1)
hurricane (1)
iPad 3G (1)
ide (1)
images (1)
index (1)
industry guidelines (1)
industry stats (1)
innovation (1)
insight for jenkins (1)
integration (1)
internet of everything (1)
java 7 (1)
java one (1)
jetspeed (1)
jfokus (1)
john willis (1)
jsr330 (1)
jug (1)
justin (1)
lean enterprise (1)
legal (1)
legos (1)
lessons learned (1)
lgentries (1)
licenses (1)
lifecycle (1)
m2ecl (1)
manual policies (1)
manual review processes (1)
masa (1)
maturity model (1)
maven ant how-to conversion (1)
maven stack (1)
maven3 (1)
meetup (1)
migration (1)
minecraft (1)
minishift (1)
mirrors (1)
mixin (1)
mobile (1)
monitor (1)
multi-level staging (1)
mythbusters (1)
nader (1)
neglected 90 (1)
neo4j (1)
new features (1)
new release (1)
new updated version central search (1)
nexus 2.6 (1)
nexus api (1)
nexus futures (1)
nexus index (1)
nexus repositories (1)
nginx (1)
npmgate (1)
nvd (1)
oauth (1)
object oriented (1)
onboarding (1)
online developer conference (1)
open source business (1)
open source growth (1)
open source nexus (1)
open source security risks (1)
open ssl (1)
openid (1)
oreilly (1)
ossindex.net (1)
outreach (1)
pdf (1)
philosophy (1)
phoenix project (1)
pivotal spring (1)
plain text (1)
plug-in (1)
poodle (1)
port (1)
portals (1)
press (1)
private repository (1)
product management (1)
python (1)
raible (1)
real world experiences (1)
rebrand (1)
recipe (1)
registry (1)
remote (1)
report (1)
repositories (1)
repository manager market share (1)
responsible disclosure (1)
risk analysis (1)
risk management (1)
root cause analysis (1)
ruby gems (1)
rugged (1)
ruggeddevops (1)
saas (1)
seam (1)
secure software supply chain (1)
security advisory (1)
security and licensing risk (1)
security design (1)
security risks (1)
securosis (1)
simplifyops (1)
simpligility technologies (1)
software development (1)
software hackers (1)
software supply chain API (1)
software supply chain. devops (1)
software testing (1)
sonatype meetup (1)
sonatype momentum (1)
sonatype open source development survey (1)
sonatype pro (1)
source code (1)
spring framework vulnerability (1)
spring vulnerability (1)
springsource (1)
stackoverflow (1)
stats (1)
studio (1)
survey data (1)
sysadmin (1)
target (1)
thought leaders (1)
tim pettersen (1)
tool chain (1)
transaction manager (1)
user token (1)
username (1)
ux (1)
vc (1)
velocity (1)
version (1)
videos (1)
virtual conference (1)
visualstudio (1)
vmware (1)
wait wait (1)
waterfall (1)
web applications (1)
web attacks (1)
webinars (1)
webpack (1)
weld (1)

see all

The Latest in DevSecOps

Recent Posts

Posts by Topic

The Latest in DevSecOps

Get Blog Updates

Recent Posts

Posts by Topic