Skip to content

Sonatype Blog
Syndicate content
Blogs about software supply automation, devops, open source, continuous delivery, application security.
Updated: 11 hours 8 min ago

Promise Theory and DevOps

Fri, 04/21/2017 - 14:00
Mark Burgess (@markburgess_osl) is a theoretical physicist, but in his keynote at the 2016 All Day DevOps conference, he talked more about economics and human interactives than physics. What does either have to do as the keynote for a conference on DevOps?

To read more, visit our blog at www.sonatype.org/nexus.
Categories: Companies

DevOps Intelligence Changes the Game

Fri, 04/21/2017 - 14:00
One of my favorite parts of the novel The Phoenix Project is when Bill Palmer, DevOps hero and VP of IT Operations for the fictional company “Parts Unlimited” has a light bulb moment about the central importance of IT to the business.

To read more, visit our blog at www.sonatype.org/nexus.
Categories: Companies

Nexus 3.3 Delivers Free Next-Gen Repository Health Check and Git LFS Support

Thu, 04/20/2017 - 14:00
Sonatype is excited to announce the immediate availability of Nexus Repository 3.3 in OSS and Pro editions.  What’s in this latest release?  We’re glad you asked:   Next-Generation Repository Health Check We first introduced Repository Health Check (RHC) in 2012.  Now, every...

To read more, visit our blog at www.sonatype.org/nexus.
Categories: Companies

Nexus Firewall Grows with Support for PyPI

Wed, 04/19/2017 - 07:00
All Parts Are Not Created Equal According to the recent DevSecOps Community survey, 80 - 90% of a modern application is assembled using open source and third party components.  This is true whether you develop in Java, .NET, Ruby, Python or any other language.  While these components...

To read more, visit our blog at www.sonatype.org/nexus.
Categories: Companies

Sonatype Nexus 3 launches into Mesosphere DC/OS

Tue, 04/18/2017 - 12:00
Today we are excited to announce the availability of the incredibly popular repository manager and private container registries, Nexus Repository, on DC/OS.  Among its many benefits, Nexus Repository will deliver the first, free, enterprise-scale private Docker registry to the Mesosphere DC/OS...

To read more, visit our blog at www.sonatype.org/nexus.
Categories: Companies

The Nexus Exchange: 30 new integrations from the community

Mon, 04/17/2017 - 12:05
Introducing the Nexus Exchange. Over the years, members of the Nexus Community have created interesting and useful integrations with our products.  The list of projects has grown to the point where we need a central location to manage them. Today, we launch the Nexus...

To read more, visit our blog at www.sonatype.org/nexus.
Categories: Companies

Shift Security Practices Left: New Nexus Plugin for Jenkins Pipelines

Mon, 04/17/2017 - 12:00
Shift Security Practices Left: New Nexus Plugin for Jenkins Pipelines Many organizations are quickly maturing their CI/CD practices in the hopes of winning the innovation battle. But where do security and governance practices fit in? As organizations embrace DevOps, quality and security cannot...

To read more, visit our blog at www.sonatype.org/nexus.
Categories: Companies

GitHub Integration with Nexus Lifecycle

Mon, 04/17/2017 - 12:00
Sonatype's development team regularly schedules "innovation days" that allow team members time to focus on building projects that we believe will benefit our Nexus community.  In one of the recent innovation days, I built a new integration between GitHub, Jenkins, and Nexus Lifecycle that we...

To read more, visit our blog at www.sonatype.org/nexus.
Categories: Companies

The Open Source Software Index is BOSS!  Here's Why.

Mon, 04/10/2017 - 02:21
Yesterday Dharmesh Thakker and his colleagues at Battery Ventures unveiled the Battery Open-Source Software Index.  The BOSS Index is the result of a significant and thoughtful research effort designed to (a) empirically rank the relative popularity of open-source software...

To read more, visit our blog at www.sonatype.org/nexus.
Categories: Companies

Improve Your Karma with DevOps Culture in a Box

Sat, 04/01/2017 - 16:00
Growth in DevOps practices have become possible largely due to a combination of new automation tools and well-established agile engineering practices, but these are not enough for any organization to take DevOps to the next level. Even when equipped with the best tools and most talented staff,...

To read more, visit our blog at www.sonatype.org/nexus.
Categories: Companies

Do You View Your AppSec Tools as an Inhibitor to Innovation or a Safety Measure?

Thu, 03/23/2017 - 15:00
DevOps is all about making better software faster.  It also requires making it more safely while compressing the time between ideation to realisation. I hear IT organisations tell me time and time again of their ambitions to be the innovation power-house for their business - so it’s great news...

To read more, visit our blog at www.sonatype.org/nexus.
Categories: Companies

DevSecOps: Eat Carrots, Not Cupcakes

Thu, 03/23/2017 - 15:00
You Are What You Eat.   When it comes to food, we all know what’s considered “good” and what’s “bad”.

To read more, visit our blog at www.sonatype.org/nexus.
Categories: Companies

DevSecOps: A More Deterministic Approach

Wed, 03/22/2017 - 15:00
Is security an inhibitor to DevOps agility? To answer this question we would need to take a quick look at differences between DevOps, QA and Security when it comes to automation issues.

To read more, visit our blog at www.sonatype.org/nexus.
Categories: Companies

DevSecOps: In Time for Security

Wed, 03/22/2017 - 15:00
Changing Mindsets. Historically developers have prioritized functional requirements over security when building software.  While secure coding practices important, they have often fallen into secondary or tertiary requirements for teams building applications against a deadline.

To read more, visit our blog at www.sonatype.org/nexus.
Categories: Companies

DevSecOps: Slaying the Myths of Container Security

Tue, 03/21/2017 - 11:06
Containers are clearly appealing for companies and development teams who want to deliver and iterate on their software faster and efficiently. This is achieved through more consistent, simple and repeatable deployments, rapid rollback, and simpler ways of orchestrating and scaling distributed...

To read more, visit our blog at www.sonatype.org/nexus.
Categories: Companies

DevSecOps: Integrating Automated Security Controls

Tue, 03/21/2017 - 11:05


To read more, visit our blog at www.sonatype.org/nexus.
Categories: Companies

DevSecOps: Embracing Automation While Letting Go of Tradition

Tue, 03/21/2017 - 11:04
While I am all for traditions like Thanksgiving turkey and Sunday afternoon football, holding onto traditions in your professional life can be career limiting. The awesome thing about careers in technology is that you constantly have to be on your front foot.  Because when you’re not, someone,...

To read more, visit our blog at www.sonatype.org/nexus.
Categories: Companies

Sonatype on Federal News Radio

Thu, 03/16/2017 - 20:32
Listen to Matt Howard, Executive Vice President and Chief Marketing Officer at Sonatype, on Federal News Radio as he discusses the demand for quality open source components. 

To read more, visit our blog at www.sonatype.org/nexus.
Categories: Companies

Apache Struts Vulnerability: Live Updates

Thu, 03/16/2017 - 14:18
  Update: 2:33 pm EST, 16 March 2017 - Struts2 Exploits in Japan   More Struts2 breaches in the wild.  This time in Japan (links go to Japanese sites):   Japan Post breach using Apache Struts2 vulnerability leads to 29,000 account...

To read more, visit our blog at www.sonatype.org/nexus.
Categories: Companies

Setting up a Docker Private Registry with Authentication Using Nexus and Nginx

Wed, 03/15/2017 - 14:00
This article shows how you can set up a Docker Private Registry with authentication and SSL using Nexus Repository OSS. Nexus Repository OSS is a universal repository manager with support for all major package formats and types. It’s a free solution for storing and sharing Docker images and...

To read more, visit our blog at www.sonatype.org/nexus.
Categories: Companies