Sonatype Blog

Two AppSec Questions Always Asked

Thu, 07/24/2014 - 19:26
While Repository Health Checks are valuable, we just released something even better: the CLM 1.11 Dashboard. First of all, it helps you answer the first two critical open source vulnerability questions: did we ever use that and where is it? And, you can find out the answers to those questions in...

To read more, visit our blog at blog.sonatype.com.
Categories: Companies

Trusting Third-Party Code That Can’t Be Trusted

Tue, 07/22/2014 - 23:05
Paul Roberts (@paulfroberts) at InfoWorld recently shared his perspective on “5 big security mistakes coders make”. First on his list was trusting third-party code that can’t be trusted. Paul shares: “If you program for a living, you rarely -- if ever -- build an app from scratch. It's much more...


Are You Choosing the “Right” Component?

Thu, 07/17/2014 - 21:37
In our recent open source developer survey we asked, what are the TOP FOUR characteristics considered when selecting a component? And since components are the building blocks used when creating an application, selecting the right one is an important choice. Not surprisingly, the most important...


Stewing Over Software Ingredients

Tue, 07/15/2014 - 20:21
Just the other day I was planning dinner for my family and thought it would be a great idea to bust out the Dutch oven I had to have, but rarely use, and make a nice stew. I ran to the grocery store to grab some fresh carrots, turnips, onions, a couple of Yukon Gold potatoes, and some fresh chicken...


The Atlassian Story with guest Tim Pettersen on Nexus Live

Fri, 07/11/2014 - 17:56
Developers around the world are using BitBucket, Stash, Confluence, Jira and HipChat to help manage their projects. In the July 31 installment of Nexus Live, we’ll talk with Tim Pettersen, Developer Advocate at Atlassian. We’ll find out what’s in store for future releases and how...


Lessons of Youth: A License to Use

Fri, 07/11/2014 - 16:03
I can still recall (it actually pains me to count the years, so I refuse to) with perfect clarity the sound of my 1200 baud modem handshaking with my neighborhood’s local BBS. It’s a sound that so consistently produces a smile for me, I liken it to the crisp smell of air just before rain begins to...


Open source components, a fine vintage or sour milk?

Tue, 07/08/2014 - 23:06
The U.S. recently overtook France as the world’s largest wine market. And here at Sonatype, we can proudly say we’ve contributed to this achievement. By not only consuming our fair share of wine but by also being involved -- outside of work -- in crafting our own wines. Over the 4th of July...


Securosis Dives Deep into our 2014 Survey

Wed, 07/02/2014 - 21:26
There are two ways to motivate others to action: emotional appeal and fact based analysis. Our 2014 Open Source and Application Security survey results touched on both. We've run this survey for the past four years, but this time we decided to reveal the results in a new way. Rather than let our...


Nexus holds the top market share, the data speaks for itself

Thu, 06/26/2014 - 15:58
RebelLabs recently put out their Java Tools and Technologies Landscape report and we were very pleased to see Nexus chosen as the repository manager of choice by 64% of developers. We saw this same preference carry over in our own recent Open Source Development survey, where 49% of respondents...


We’re bringing sexy back, Sonatype hits the catwalk

Tue, 06/24/2014 - 21:07
Enthusiasm for securing the software supply chain is growing in both conversation and practice. For the past year, Sonatype has called for a new approach to securing the software supply chain that gives organizations an opportunity to protect their business and their applications from hacker...


The 2014 Survey: Marked by an Industry Shock Wave

Fri, 06/20/2014 - 17:20
Wow! What an amazing turnout we had for our 4th annual survey: 3,353 participants this year brings us to over 11,000 participants in the four years we’ve run this survey. I would like to extend a BIG THANK YOU to all who participated! The survey started with a bang and was quickly followed by a...


Walking in the Open Source Component Garden

Tue, 06/17/2014 - 18:53
It's not every day I can stop to enjoy my afternoon tea outside on my deck, overlooking my garden. But today I did and while admiring my beautiful blooming flowers, I started to draw some parallels between my garden and software development. Full disclosure, I wouldn't consider myself a true...


3 Reasons Manual Policies Just Don’t Work

Tue, 06/10/2014 - 21:20
Over the past four years, Sonatype has surveyed open source development organizations and year after year, we find that developers have the best intentions. They strive to build good quality code, free of defects and flaws but when it comes to policies that enforce these standards, the manual...


Book Update: Repository Management with Nexus

Tue, 06/10/2014 - 18:53
With the recent release of Nexus 2.8, we’ve updated the online documentation, Repository Management with Nexus (2.8). The most recent addition to the documentation has been the inclusion of a comprehensive search. For a book this size, this is an essential resource for finding what you need....


Nexus and RunDeck: Tools for DevOps

Thu, 06/05/2014 - 22:41
In today’s Nexus Live Broadcast, Damon Edwards and his team from SimplifyOps introduced us to RunDeck, open source software that helps automate routine operational procedures in data center or cloud environments. He is seeing Nexus in many of his enterprise environments, so I thought it would...


5 Things You Need to Know About Open Source Components

Wed, 06/04/2014 - 23:04
You can't get away from it. Thousands of open source components are being used in every industry, every day, to quickly build and deploy applications. For those not in the security industry, it's hard to keep track of what is being done in this field to manage and monitor open source usage. This...


RebelLabs Java Survey Results: Developers Love Nexus

Mon, 06/02/2014 - 18:51
Another informative and well-presented RebelLabs survey has hit the streets. Their 2014 Java Tools and Technologies Landscape report was just released and hats off to them for 'their better than ever response rate' and their good will for charity donations from each completed survey response. This...


Replace plain text username and password with a user token – The Nexus 2 Minute Challenge

Mon, 06/02/2014 - 18:20
In this segment of the Nexus 2 Minute Challenge, we’re going to look at the Nexus User Token feature. The user token relates to the username and password that are used to connect to Nexus. In this example, there is a Maven .xml file where the username and password are in clear text. This is...
