Open Source Changes Fast. Can You Keep Up?

October 4, 2011 By Tim O'Brien 0

Bouncy Castle. Do those words mean anything to you? If you are a Java developer, you might know that Bouncy Castle is an encryption library often used to generate secure hash codes and encrypt data. In other words, it is a silly project name for a serious purpose. Do you know that old, released versions of Bouncy Castle have known security vulnerabilities? I’m not writing this to cast a shadow of doubt on the project. Bouncy Castle is an awesome open source library, as are the Spring framework, Commons HttpClient, Tomcat, and Jetty. What Bouncy Castle has in common with all of these other open source components is that old versions of each project have known security vulnerabilities.

There’s a good chance that you might not be focused on this problem. You might not be constantly evaluating your project’s dependencies to analyze the risks.

Categories: Insight, Sonatype

Reduce your development time and lower risk with Enterprise Repository Management

March 31, 2011 By hloney Comments Off

We’ve added a new webinar to the Sonatype series: Enterprise Repository Management.

Do you develop Java applications using open source software artifacts from Maven Central? If so, and you aren’t yet using a local repository manager, you need to attend this webinar. In this session you’ll learn how an enterprise repository manager can reduce development time, improve quality, enable greater internal collaboration, and reduce risk. Register now to learn how repository management can help your organization.

  • Date: Tuesday, April 19, 2011
  • Time: 1:00PM EDT (GMT – 04:00)
  • Duration: 30 minutes
  • Presenter: Brian Fox, Sonatype Vice President of Engineering

Developing with Eclipse and Maven

December 28, 2010 By hloney Comments Off

Sonatype books are the essential references for anyone working with Apache Maven, repository management, and integrating Maven with Eclipse.

Learn best practices, central concepts, and complete integration for Maven, Nexus Professional, and m2eclipse. Sonatype books offer the latest content for the software development tools you depend on.

The fourth book in our series of books available for downloading is Developing with Eclipse and Maven.

In this book you will learn how to fully integrate Maven with Eclipse, the world’s most widely used IDE for Java development.

Why Maven?

Maven is a software build tool, but it is much more than that. Maven is also a project management tool. It is designed to be flexible, easy, and intuitive – to be a more efficient and comprehensive build tool.

Why Eclipse?

Eclipse is the most widely used IDE for Java development today. Eclipse has a huge number of plugins, and countless organizations develop their own software on top of it. Quite simply, Eclipse is ubiquitous. The m2eclipse project provides full integration for Maven within the Eclipse IDE.

Now Available: Central download statistics for OSS projects

December 15, 2010 By Brian Fox 0

Maven Central contains over 260,000 artifacts and serves over 70 million downloads every week. It has become the principal resource for exchanging Java artifacts with demand doubling year over year. Getting artifacts into Central is the most effective way to get your software to developers since every build tool that can download Java libraries knows where to look for a world of libraries and dependencies, and that single, authoritative place is Maven Central.

Earlier this year, we announced the availability of official repositories in the UK to improve performance for the users in Europe. Today we are making the artifact download statistics available to the projects whose artifacts are served by Central. This has been one of the most frequently requested features by project teams. Since the raw Central logs are larger than seven gigabytes every day, processing this data is no small undertaking.

The statistics are available to all projects hosted using Nexus at http://oss.sonatype.org, http://repository.apache.org and http://nexus.codehaus.org. These three avenues represent the majority of projects actively contributing artifacts. Nexus’ security mechanism already in place on these instances provides a mapping of repository path to project which allowed us to easily roll up the counts for each team. Read more to find out how to access your project’s statistics.

NYJavaSIG monthly meeting this week

November 17, 2010 By hloney Comments Off

The NYJavaSIG will be holding their monthly meeting this week, and Sonatype founder Jason van Zyl is attending to present on Next Generation Development Infrastructure.  The NYJavaSIG is a technical community comprised of Java software engineers, Java application designers, technical managers and new media Java developers that have a common interest in all aspects of Java Technology. They currently have over 6,500 members.


Categories: Sonatype