Sonatype Blog
Blogs about software supply automation, devops, open source, continuous delivery, application security.

Do You View Your AppSec Tools as an Inhibitor to Innovation or a Safety Measure?

Thu, 03/23/2017 - 15:00
DevOps is all about making better software faster. It also requires making it more safely while compressing the time between ideation and realisation. I hear IT organisations tell me time and time again of their ambitions to be the innovation power-house for their business - so it’s great news...

To read more, visit our blog at www.sonatype.org/nexus.
Categories: Companies

DevSecOps: Eat Carrots, Not Cupcakes

Thu, 03/23/2017 - 15:00
You Are What You Eat. When it comes to food, we all know what’s considered “good” and what’s “bad”.


DevSecOps: A More Deterministic Approach

Wed, 03/22/2017 - 15:00
Is security an inhibitor to DevOps agility? To answer this question we would need to take a quick look at differences between DevOps, QA and Security when it comes to automation issues.


DevSecOps: In Time for Security

Wed, 03/22/2017 - 15:00
Changing Mindsets. Historically, developers have prioritized functional requirements over security when building software. While secure coding practices are important, they have often fallen into secondary or tertiary requirements for teams building applications against a deadline.


DevSecOps: Slaying the Myths of Container Security

Tue, 03/21/2017 - 11:06
Containers are clearly appealing for companies and development teams who want to deliver and iterate on their software faster and more efficiently. This is achieved through more consistent, simple and repeatable deployments, rapid rollback, and simpler ways of orchestrating and scaling distributed...


DevSecOps: Integrating Automated Security Controls

Tue, 03/21/2017 - 11:05



DevSecOps: Embracing Automation While Letting Go of Tradition

Tue, 03/21/2017 - 11:04
While I am all for traditions like Thanksgiving turkey and Sunday afternoon football, holding onto traditions in your professional life can be career limiting. The awesome thing about careers in technology is that you constantly have to be on your front foot. Because when you’re not, someone,...


Sonatype on Federal News Radio

Thu, 03/16/2017 - 20:32
Listen to Matt Howard, Executive Vice President and Chief Marketing Officer at Sonatype, on Federal News Radio as he discusses the demand for quality open source components. 


Apache Struts Vulnerability: Live Updates

Thu, 03/16/2017 - 14:18
Update: 2:33 pm EST, 16 March 2017 - Struts2 Exploits in Japan. More Struts2 breaches in the wild. This time in Japan (links go to Japanese sites): Japan Post breach using Apache Struts2 vulnerability leads to 29,000 account...


Setting up a Docker Private Registry with Authentication Using Nexus and Nginx

Wed, 03/15/2017 - 14:00
This article shows how you can set up a Docker Private Registry with authentication and SSL using Nexus Repository OSS. Nexus Repository OSS is a universal repository manager with support for all major package formats and types. It’s a free solution for storing and sharing Docker images and...


Setting up a Secure, Private Nexus Repository

Mon, 03/13/2017 - 16:08
What an exciting first post, I’m sure. But it’s what I’m working on, I suppose. A few things, first: We’re using an LDAP server to identify team members. LDAP and Nexus are on different domains (though, possibly, the same machine). I’m not a system admin, so this is likely going to be...


Struts2 Exploited Again. Did Anyone Bother to Tell You?

Fri, 03/10/2017 - 23:12
This week we saw the announcement of yet another Struts 2 Remote Code Exploit (RCE) vulnerability. What's notable about this instance is that POC code seems to have been released into the wild either just before, or immediately after the disclosure. As was the case with previous Struts1...


Set up your own Continuous Delivery Stack

Fri, 03/10/2017 - 15:00
Last week I wanted to try new things with ‘pipeline as code’ with Jenkins. The best way to try new things is running it as Docker containers. This way I can keep my MacBook clean and don’t mess up existing stuff I am working on (also see this article about what Docker can offer for a developer)....


Securing Immutable Servers in a Serverless World

Fri, 03/10/2017 - 15:00
Snowflakes are beautiful, unique creations. But, let’s keep them in nature. They don’t belong in our server infrastructure. Snowflake servers, where every configuration is just a little different, can introduce unnecessary security vulnerabilities...


When it Comes to Application Security, “Doing Your Homework” Matters

Thu, 03/09/2017 - 15:00
They say software is eating the world, very true, but it has become even more clear that OSS components are eating the software world. This amazing revolution is driving unimagined gains in innovation and efficiency in our ability to deliver software. Think Uber, here is a new leader in the...


Improving Build Time of Java Builds on OpenShift

Wed, 03/08/2017 - 15:00
Since we released OpenShift 3 back in July 2015, one of the most common questions I get from developers is how to get better build time for Java based builds. In this post, I will guide you through the process of speeding up Java Maven based...


DevSecOps is Suddenly Strategic for Everyone in Software: Here's Why

Tue, 03/07/2017 - 21:29
Software innovation is the core of every company's digital transformation; the strategic weapon by which modern organizations compete and win on a global playing field. This is why executives and shareholders at every company, in every industry, are placing intense pressure upon IT teams...


AppSec EU 2017 Belfast – What to Expect

Tue, 03/07/2017 - 15:00
In mid-May I’ll be joining the organizing team of AppSec EU 2017 in Belfast for a week of security and DevOps sessions. Listen in as Gary Robinson, Michelle Simpson and Owen Pendlebury talk about what’s planned for the week.


Using Nexus 3 as Your Repository – Part 3: Docker Images

Mon, 03/06/2017 - 15:00
This is the third and last part of a series of posts on Nexus 3 and how to use it as repository for several technologies. (Part 1. Part 2.)


Culture Hacking at RSAC 2017 with Shannon Lietz

Fri, 03/03/2017 - 15:00
On Monday, February 13, Shannon Lietz gave a quick, 20-minute overview of her investigations and implementation of Culture Hacking at Intuit. Below is the extended version of that presentation, including audio and the slide deck. Shannon will continue this discussion at her keynote presentation...
