Webinars

Learn how experts accelerate software innovation.

How to Safeguard Your Software Supply Chain

Sonatype CTO Brian Fox and guest speaker Janet Worthington, Forrester Senior Analyst, join forces to shed light on crucial data and insights for industry leaders, the significance of SCA testing, and the proactive measures teams take to brace themselves against future cyberattacks. They will delve into the implications of the ever-growing software supply chain regulations and the need for better OSS consumption practices.

ON DEMAND

DevOps Downloads

Welcome to ‘DevOps Download’, your premier developer webinar series. Immerse yourself in these dynamic one-hour sessions as we explore the intricacies of software development, accompanied by live Q&A sessions with industry experts. We’ll explore critical topics such as binary repository, supply chain management, dependency management, vulnerabilities, malicious components, and open source contributions. Don't miss out on the chance to level up your DevOps game with us!

REGISTER NOW

Power of SBOMs: Securing the Software Supply Chain w/ Sonatype, AWS, and DXC

As Software Bills of Materials (SBOMs) become imperative for technology providers, Sonatype, AWS, and DXC have put together an expert panel to provide a deep dive on the topic.

This exclusive two-part webinar series offers a comprehensive view of SBOMs to clarify their purpose, use cases, and significance in advancing software transparency, compliance, and security.

ON DEMAND

New on the Naughty List: Unwrapping the Struts2 Vulnerability

While many developers are preparing for a much-needed holiday break, yet another remote code execution vulnerability has been discovered in Apache’s Struts2 framework, the same framework used to compromise Equifax.

While not as severe as a case such as Log4j, these instances demonstrate that open source is aging like milk, not wine.

ON DEMAND

Predictions Webinar CISO

Prepare to embark on a knowledge-packed journey in our upcoming webinar, 2024 Predictions: What Every CISO Needs to Know. In the dynamic landscape of cybersecurity, staying ahead of emerging trends and challenges is paramount. We invite you to join this insightful discussion, where we delve into the critical insights that are essential for CISOs as they navigate the ever-evolving cybersecurity terrain.

ON DEMAND

Predictions Webinar DevOps

Our upcoming webinar “Looking ahead: Top 5 trends every DevOps Manager needs to know for 2024,” breaks down our predictions (backed by a ton of research) for what DevOps leads will need to address as the development world continues to transform. Packed with insights to evolve your strategies and impress your boss, this webinar will give participants practical tips, knowledge and tools to excel in this rapidly changing landscape.

ON DEMAND

Insights from the 9th Annual State of the Software Supply Chain Report

In this webinar, Brian Fox, Co-Founder and CTO, Sonatype will present results from our 9th Annual State of the Software Supply Chain report, which answers this question. Hint - it’s not just the introduction of AI. From the past 9 years, we know that developer productivity soars when there is access to superior tools and better open source components, enabling developers to be the driving force behind better security and better products.

ON DEMAND

All Day DevOps 2023

All 180 sessions from All Day DevOps 2023 are now available on-demand! Sessions cover six tracks from CI/CD, Modern Infrastructure, Site Reliability Engineering, and more.

ON DEMAND

DevSecOps Summer Stories: Webinar Series

This summer we’re launching a new webinar series, 'Summer of Software Supply Chain Security', where we sit down each week with a Sonatype customer, including BMW, Kamer van Koophandel (KVK), and Discovery, to gain valuable insight, practical tips and actionable strategies from their experience in the world of Software Supply Chain Management.

 

ON DEMAND

Beyond the Numbers: Practices that Truly Matter for CISOs and Application Security Leaders

At this discussion you will learn ways to:

- Benchmark your organization against peers

- Establish or evolve your metrics to better assess and communicate risk to key stakeholders

- Successfully mitigate against new threats, including open source malware

- Improve collaboration with key functions, such as software engineering, to enable frictionless innovation

- Effectively advocate for budget in economic headwinds

ON DEMAND

DevSecOps Leadership Forum: Revolutionizing Financial Services through DevSecOps Automation

Hear high-profile financial service enterprises share ways software supply chain management is at the forefront of their organization’s digital transformation and powering faster innovation.

ON DEMAND

The White House Cybersecurity Strategy, SBOMs, and the Future of Software Supply Chain Security with Red Hat

Join Sonatype’s Brian Fox and Red Hat’s Michelle Davis as they provide pressing information on what Executive Order 14028 might mean for your organization, including:

- What is an SBOM? And why are they so important for application security?
- How SBOMs help identify and mitigate potential security vulnerabilities
- Different ways to effectively implement SBOMs in your organization

ON DEMAND

Threat Actors Want Access to Your SDLC -- Here's How to Secure Them

In this webinar you will learn the trends and impact of malicious software supply chain attacks, how DevSecOps can improve security without negatively impacting developer productivity, and see how Repository Firewall can protect your software supply chain and integrate with your existing toolset.

ON DEMAND

SBOMs: The Future in Healthcare

In this webinar, Dr Stephen Magill will discuss next steps on the FDA's latest guidance on medical devices, as well as the critical need for an SBOM you can actually monitor.

ON DEMAND

SBOMs: More Than Just Another Acronym

Our expert panel will discuss the benefits of SBOMs and their growing significance in the context of cybersecurity and risk management. We will also delve into best practices for implementing SBOMs, including tools and resources to help you get started.

As an interactive space, we welcome your questions and feedback throughout the session. Don't miss this opportunity to learn from industry experts and engage with your peers on this critical topic. Register now and join us for a lively and informative discussion.

ON DEMAND

Easily Stop Malware, Before Your Company Becomes Liable

Join Sonatype’s CTO, Brian Fox, to discuss the current economic and political climate that makes blocking malware from the start a mission-critical need for any organization that creates software.

ON DEMAND

Software Supply Chain Threat Landscapes...A Moving Target

Modern-day software relies heavily on open source coding components. Software supply chain attacks have increased an average 742% per year over the last three years. While cybercriminals are nothing new, the intensity, volume, frequency, severity, and sophistication of malicious attacks are new, and they are becoming a major issue plaguing organizations around the world. Despite high-profile incidents like Log4j, organizations still lack the educational resources and tools to protect themselves against cybercriminals.

In this session Brian Fox, Co-Founder & CTO of Sonatype discusses relevant use cases to emphasize the problem and provides tangible, data-driven actions organizations can take to arm themselves against surging risks as well as actionable tools and methodologies to successfully mitigate open source security issues before they occur.

ON DEMAND

Watch on demand to know what to look for in an SBOM and how to evaluate open source and third-party components. Learn how to set up alerts and perform impact analysis for security and compliance issues in components, and see the data behind improving the security of your software supply chain.

ON DEMAND

The hosts that covered the exploit in 2021, Brian Fox, CTO at Sonatype, Ilkka Turunen, Field CTO at Sonatype, and Steve Poole, Developer Advocate at Sonatype, come back together to explain the high-risk habits of open source consumers compared to project maintainers, the truth about transitive dependencies causing 6 out of 7 project vulnerabilities, the ripple of Log4j that sparked the Cybersecurity Executive Order and a movement to reveal hidden components, and how to stop a zero-day on the same day with a software supply chain fortified by transparency.

ON DEMAND

In this session, we’ll present the findings of Sonatype’s new 8th annual State of the Software Supply Chain Report. Come see which practices are backed up by data and learn how to efficiently manage your open source software supply chain.

ON DEMAND

Perception vs Reality: A Data-Driven Look at Open Source Risk Management

Join us as we cover the benefits, cautions, and best practices for implementing and running an artifact repository for your organization to ensure long-term success.

ON DEMAND

Shift Left Workshop: Getting Started with Securing the Early Stages of Your SDLC

Join us as we sit down with featured guest Janet Worthington, Forrester Senior Analyst, and DevSecOps experts to discuss how peer organizations are addressing the challenge of software supply chain management.

ON DEMAND

Best Practices for Managing (and Supercharging) Your Software Supply Chain

Join our discussion with VP Product Innovation, Dr Stephen Magill, to learn the changes to software supply chain security management that we’ve seen since the 2021 Executive Order, why a software bill of materials is so vital in establishing more secure development, and software security best practices you can start implementing immediately.

ON DEMAND

One Year Later: 2021 Cybersecurity Executive Order Impacts and What's Next in 2022

Join Sonatype Security Researcher, Ax Sharma for a comprehensive discussion to understand software supply chain integrity, practices to empower teams to put integrity first, and where they can find help to uphold a strong software supply chain.

ON DEMAND

A Master Class on Software Supply Chain Integrity: Attacks, Regulation, and Threat Prevention

Join this webinar to learn about the most common types of supply chain attacks, and what measures development teams can take to protect their software supply chain from these sorts of attacks. 

ON DEMAND

Defending your Applications against Software Supply Chain Attacks

Comparable to the Struts vulnerability that caused the Equifax breach of 2017, this is just the beginning as the story still unfolds. Get the opportunity to ask questions and learn more as we cover everything you need to know now about Springshell.

ON DEMAND

Spring4shell RCE Zero-Day: Everything You Need to Know

Join this 30-minute session to learn why the time to shift left is now, best practices for digital modernization, and key findings from the 2021 State of the Software Supply Chain Report.

ON DEMAND

An Imminent Need to Secure the Federal Software Supply Chain in 2022

Join guest speaker Sandy Carielli of Forrester to learn about the growing threats to the software supply chain and how SCA tools can help mitigate risk and secure your code.

ON DEMAND

Using Independent Research to Select the Right Vendor to Secure your Software Supply Chain

Join us for an engaging, round-table conversation on what you need to know about managing open source and software supply chains in 2022. 

ON DEMAND

A Look into the Future: Software Supply Chains in 2022

In this 30-minute presentation, you'll learn how to identify and block security vulnerabilities in applications, like those behind the Log4j, SolarWinds, and Codecov attacks, find vulnerabilities in the software you've built, and more.

ON DEMAND

Join our panel of Java and Apache Software Foundation experts to discuss anything and everything that has to do with Log4j, open source security and software supply chains. No presentations, no questions off limits, just answers to anything you feel like you still don't know about Log4Shell.

ON DEMAND

Log4j: Ask Me Anything

Join our Java and Apache Software Foundation experts, Brian Fox, CTO at Sonatype, Ilkka Turunen, Field CTO at Sonatype, and Steve Poole, Developer Advocate at Sonatype, as they discuss everything you need to know about the Log4j exploit.

ON DEMAND

Join Matt Howard, EVP at Sonatype, and industry experts Steve Springett, Chair, CycloneDX, and Mike Wilkes, CISO, SecurityScorecard, as they discuss the recently released NIST Secure Software Development Framework (SSDF).

ON DEMAND

The Good and Bad of NIST's Secure Software Development Framework

Join our webinar as we demonstrate how we can help you understand and remediate your compliance and regulatory risk from OSS licenses and provide, per component, OSS legal compliance in 30 seconds or less.

ON DEMAND

Close out Cybersecurity Awareness Month with Sonatype security researchers Ax Sharma and Juan Aguirre. Join us for an engaging conversation as they go over the major threats we saw in 2021, the attackers’ motivations, and what the future may bring.

ON DEMAND

Cyber Mayhem: 2021 Threats and What to Expect Next

The complexity of the modern software supply chain means developers are taking on more responsibility. However, the dilemma for today’s organization remains: how can you automate security and control to make it easier for developers to build great software?

ON DEMAND

In this talk, we'll share insights from our latest software supply chain research, which characterizes this risk for various languages and offers guidance for teams.

ON DEMAND

Join our webinar and see how Nexus Firewall lets you take the good and leave the bad, by quarantining non-compliant components at the door and enforcing open source policies during proxy.

ON DEMAND

Explore the convergence of development, ops and security, and the opportunity to align all cloud stakeholders with policy automation with Alan Shimel (Security Boulevard and DevOps.com), Josh Stella (CEO, Fugue), and Matt Howard (EVP, Sonatype).

ON DEMAND

Avoiding a Cloud Security Collision with Policy Based Automation

We recently hosted a panel of experts for a lively and fascinating discussion pertaining to the 2021 Cybersecurity Executive Order, and what it might mean for software vendors and customers in Federal and commercial markets.

ON DEMAND

Is your Software Critical? Emerging Questions Associated with 2021 Cybersecurity Executive Order

You’ve heard the news: cybersecurity hygiene and software supply chain security will be under the microscope of the federal government for the first time in history. Make time to chat with us about what you need to know now, and how you can expect markets to respond to new federally mandated secure development requirements.

ON DEMAND

Market Movements: Impacts of the 2021 Cybersecurity Executive Order

Legal compliance can be a burdensome task, taking thousands of hours a year to collect, review, and comply with open source license obligations, but it’s necessary if you want to avoid hefty legal fines or, worse, the risk of having to publish your company’s proprietary code. Why has legal compliance become so arduous?

 

ON DEMAND

Automate Legal Compliance and Eliminate Regulatory Risk

Threat actors who managed to breach the popular developer tool Codecov remained undetected for 2 months and reportedly hacked hundreds of customer networks. In this webinar, we'll take a step back and ask: how did this happen, and how can we prevent it from happening again?

ON DEMAND

Codecov Incident: The What, the How, and Preventing it From Happening Again

According to Gartner, by 2023, 60% of organizations will use infrastructure automation tools as part of their DevOps toolchains, improving application deployment efficiency by 25%. Join us for a live demo of our newest product, Infrastructure as Code (IaC), to learn how this add-on Pack to Nexus Lifecycle can help you secure early and everywhere across your software supply chain.

ON DEMAND

Simplifying Cloud Infrastructure Security & Compliance

According to Gartner, by 2022, more than 75% of global organizations will be running containerized applications in production. Join us for a live demo of Sonatype’s newest product, Nexus Container, to learn how to embed container security when you need it, where you need it - early and everywhere across your software supply chain.

ON DEMAND

Automating Container Quality and Security from Build to Runtime

Brian Fox, CTO at Sonatype, and Stephen Magill, co-founder of Muse, go in-depth about Sonatype’s newest product Muse. In a live demo of Muse, they discuss how Muse goes beyond traditional linting and SAST to perform deep code analysis, far surpassing legacy tools like SonarQube. Watch the recorded session from March 2021.

ON DEMAND

Meet Muse, our newest product!

When an ethical hacker announced he’d successfully breached 35 technology companies’ vulnerable software supply chains, including Apple, Microsoft and Netflix, it was no surprise to Sonatype. Hear from the research team that first broke the news as they discuss the events that led to the breaches, how this particular method of software supply chain attack is so simple and yet so effective, and what you can do to avoid exposure in the future.

ON DEMAND

Cloud and open source are eating the world — making the life of a modern CTO more challenging. Watch the first installment of our CTO Talks series as Brian Fox, CTO at Sonatype, and Josh Stella, CTO at Fugue, share their insights into trends impacting modern development. 

ON DEMAND

The role of the developer continues to change as they sit on the front line of application and even cloud infrastructure security. In this webinar, we discuss the key traits of high-performing teams and how that impacts the role of the developer.

ON DEMAND

Government agencies are increasingly embracing the concept of DevOps with the DoD paving the way. Hear from our DoD panel of experts and learn how automated security practices are being implemented across the DoD and ways to apply to your agency.

ON DEMAND

Gene Kim, Stephen Magill, and Derek Weeks on September 30th explored findings from our 6th annual State of Software Supply Chain report. Over 1.5 trillion downloads, 24,000 OSS projects, and 5,600 dev teams were analyzed in this year's report. 

ON DEMAND

New Performance Benchmarks for DevSecOps

All 40 sessions from the 2020 Nexus User Conference are available on-demand. Hear from our product owners, executives, customers, and industry thought leaders as they reveal the latest insights about Nexus, DevSecOps, and AppSec.

ON DEMAND

Derek Weeks shares the practices and outcomes that were discovered that differentiate the low performers from the peak performers. You’ll understand how open source projects with 1.5x more frequent releases and 530x faster open source dependencies upgrades harness this speed to dramatically improve security within their code.

ON DEMAND

With the speed of development increasing, App Sec professionals realize that developers are now on the front lines of application security. Join our guests, Forrester Research and Zions Bank as they both share how organizations can move to a more proactive approach for open source vulnerability detection and remediation.

ON DEMAND

Navigate the recent recommendations for the NIST Secure Software Development Framework with DevSecOps to better understand how to mitigate software vulnerability risks. Interact with NIST Fellow, Ron Ross, and Sonatype Vice President, Derek Weeks, in a fireside chat.

ON DEMAND

Fireside Chat with NIST Fellow Ron Ross

Nexus Platform: New Feature Highlights Q2 2020

In June 2020 Sonatype Product Managers discussed the latest features of the Nexus Platform to include expanded language support, new SCM integrations, remediation guidance for transitive dependencies, precise intelligence via npm audit, and new repository formats.

ON DEMAND

Tune into our highest-rated conference session from All Day DevOps Spring Break, where DevOps pros Paula Thrasher, Mike Hansen, and Ross Clanton share a number of counterintuitive aspects worth consideration as those new to remote work seek to optimize their implementations and adapt to a new way of getting things done.

ON DEMAND

We heard from over 5,000 developers in our 7th annual DevSecOps Community Survey. Authors Derek Weeks & DJ Schleen review the results of the survey in their keynote address at All Day DevOps Spring Break Edition.

ON DEMAND

In March of 2020, Derek Weeks, Sonatype, and ServiceNow’s Steve Springett relayed their firsthand knowledge on how to create a Software Bill of Materials, the first step of any SCA Program.

ON DEMAND

Getting Started with Software Composition Analysis (SCA)

Nexus Platform: New Feature Highlights Q1 2020

In the first product webinar of 2020, Product Managers showcase recent product enhancements across the Nexus Platform. Watch this 30 min webinar to advance your Nexus skills with new repository formats, data integrations and user experience updates.

ON DEMAND

Nexus Platform: New Feature Highlights Q4 2019

It's the last product webinar of 2019, and boy did we release some exciting features. Listen to the December 10th recording to see the latest product enhancements to the Nexus platform. Whether you're an existing customer or just learning about Nexus products, our product managers cover IQ updates, Repository updates, and reveal some exciting FREE tools for developers.

ON DEMAND

There is something to be said about engaging with the people behind the products you use and interact with every day. Sonatype Product Managers showcase the latest and greatest product enhancements in the NEXUS platform.

ON DEMAND

Nexus Platform Highlights New Features - Q3 2019

Software Composition Analysis

There are many vendors and disparate tools in the Software Composition Analysis (SCA) market today -- but not all are able to automate your governance initiatives at scale. Join Sonatype and 451 Research for a webinar on the core concepts and differentiators of a successful SCA program.

ON DEMAND

2019 Nexus User Conference

All 34 sessions from the 2019 Nexus User Conference are available on demand. In its second year, 47 speakers over 10 hours shared their stories as Nexus Innovators. Topics span all aspects of the Nexus Lifecycle, Nexus Firewall, Nexus Repository and its ecosystem.

ON DEMAND

The 2019 State of the Software Supply Chain

The fifth “State of the Software Supply Chain Report” is here. Listen to what we discovered when analyzing 36,000 open source project teams, 3.7 million open source releases, 12,000 commercial engineering teams, and 6,200 development professionals.

ON DEMAND

Sonatype & HackerOne Team Up to Make Open Source Safer

Sonatype recently teamed up with HackerOne to create The Central Security Project (CSP). The first-of-its-kind program brings together the ethical hacker and open source communities to streamline the process for reporting and resolving vulnerabilities discovered in libraries housed in The Central Repository, the world’s largest collection of open source components.

ON DEMAND

Nexus Platform: New Feature Highlights Q2 2019

In May 2019, Sonatype product managers highlighted the latest product enhancements to the Nexus products during our quarterly webinar. Whether you're an existing customer or just learning about Nexus products, listen to this webinar as our product managers cover IQ updates, Repository updates, and more.

ON DEMAND

Exploring the 2019 DevSecOps Survey Results

We surveyed over 5,500 DevOps pros in 2019 and shared those results with the community on March 28, 2019. Whether you are part of a DevSecOps Elite organization or just starting on your DevSecOps journey, download this webinar where we discuss, analyze, and debate the results.

ON DEMAND

Understanding ABN AMRO's Software Supply Chain

Listen to a conversation with Stefan Simenon, Head of Centre of Expertise Software Development and Tooling at ABN AMRO, as we discuss the growing reliance on software supply chains, best practices for automating open source governance and the increasing velocity of adversary breaches.

ON DEMAND

FCW Securing Supply Chains

Today, software development teams are consuming billions of open source components and containerized applications to improve productivity at a massive scale by leveraging open source software supply chains. 

ON DEMAND

DevOps at The Hartford: Securing the Software Supply Chain

Derek Weeks and Ken D’Auria from The Hartford discuss the growing reliance on software supply chains, best practices for automating open source governance, and the increasing velocity of adversary breaches. Listen to learn more.

ON DEMAND

How to Manage your Open Source Vulnerabilities

Watch this webinar to understand how security-forward organisations in Australia and New Zealand are empowering their developers by shifting left and giving them information about Open Source security and licensing.

ON DEMAND

Nexus Platform: New Feature Highlights Q1 2019

Speakers Jamie Whitehouse and Michael Prescott highlight some of the latest and greatest product enhancements. Listen in to learn about improvements to search, cleanup policies, storage, and cloud support in Nexus Repository.

ON DEMAND

DevSecOps Webinar: How to Empower Developers with Nexus Lifecycle

Learn how to deliver to developers open source component security and licensing information right in their Integrated Developer Environment (IDE). We will look at the software development lifecycle (SDLC) and how to integrate security checks at different stages. By shifting left and empowering developers, accelerating software innovation is easier, faster and safer.

ON DEMAND

DevSecOps Reference Architectures: Expert Panel

Integrating security into DevOps to deliver "DevSecOps" requires changing mindsets, processes and technology. Watch this webinar to learn what tools and processes your peers are using to scale DevSecOps.

ON DEMAND

GDPR with Sonatype, BDQ and Atlassian - Pragmatic Solutions to a Difficult Problem

With the deadline for GDPR fast approaching, what can organisations do to become compliant and remain so in their future software development? BDQ, Atlassian and Sonatype invite you to a webinar giving an overview of the legislation and a pragmatic approach on how to handle various GDPR requirements, such as documentation, data subject requests and breach reporting. 

ON DEMAND

Running Docker Containers Securely in Production

Watch the Mesosphere and Sonatype webinar to learn how to better manage and secure container environments for your DevOps and CI/CD pipeline so you can build elastically data-rich, modern applications in production.

ON DEMAND

Three Fannie Mae Executives Share Their DevSecOps Journey

We are bringing together three Fannie Mae executives from development, security and operations to share their DevSecOps transformation. Learn from their journey to build a customer-centric value chain centered around automated security governance.

ON DEMAND

Post-Equifax: How to Trust But Verify Your Software Supply Chain

We've brought together Tomitribe and the Federal Reserve Bank of New York to discuss the importance of trusted software supply chains in the post-Equifax breach environment. Learn why Gartner believes that establishing, managing and maintaining trust requires an integrated approach to embed and quantify trust throughout your entire DevOps practice.

ON DEMAND

A DevSecOps Demo: Early, Everywhere, At Scale

XebiaLabs and Sonatype outline a roadmap for integrating security into DevOps processes including the essential requirements for automating security as well as the key metrics for DevSecOps success.

ON DEMAND

30 Nexus Integrations to Accelerate DevOps

No single tool can deliver on the promise of DevOps. Instead, it’s a collection of tools, easily integrated, tightly managed and effectively automated. Watch this webinar to learn more about our latest DevOps integrations and product enhancements.

ON DEMAND

DevSecOps with Jenkins, GitHub and Eclipse

Watch this webinar to learn how you can integrate automated security controls within Jenkins, GitHub, Eclipse, Visual Studio and more so you can use high quality open source components that meet corporate policies.

ON DEMAND

New Research: 2017 State of the Software Supply Chain

The 3rd annual State of the Software Supply Chain Report is here. This year's analysis extends beyond the Java ecosystem and includes a stronger emphasis on the emergence of DevOps. Watch to hear the detailed industry analysis.

ON DEMAND

Crossing the DevOps in Infosec Divide

Frequently cited as an obstacle to producing software at DevOps speed, information security is an important, yet still often neglected, element in today’s modern software delivery teams. Watch this webinar to hear the common people, process, and tool challenges enterprise DevSecOps teams are facing.

ON DEMAND

DevOps & System Modernization at Federal Agencies

Watch this webinar where we'll share how USCIS at the Department of Homeland Security worked with Coveros to modernize a mission critical system by defining an initial DevOps tool chain with open source technologies.

ON DEMAND

2017 DevSecOps Survey Results Revealed

Our 2017 DevSecOps community survey results are in. Hear how 2,292 professionals revealed that mature DevOps organizations ensure automated security is woven into their DevOps practice, early, everywhere, and at scale.

ON DEMAND

2017 All Day DevOps Recording

Watch the recordings from the biggest DevOps event of 2017. With tracks focusing on Automated Security, Modern Infrastructure, CI/CD, Government, Cultural Transformation, this event has over 100 hours of content watched by over 35,000 people.

ON DEMAND

Do You Know What's Inside Your JavaScript? Nexus Does.

Whether you’re building applications with JavaScript, Java, NuGet, or Docker containers, see how the Nexus Platform delivers truly precise component intelligence for npm, on a DevOps-native platform, automated at scale.

ON DEMAND

Why Real Time Component Intelligence Matters

Learn how organizations like Capital One, Intuit, and FedEx rely on Nexus software supply chain tools to consume real-time component intelligence, implement automated component controls and monitor components continuously throughout the software lifecycle.

ON DEMAND

New Research: 2016 State of the Software Supply Chain

We’ve studied the patterns and practices exhibited by high-performance organizations. We’ve also documented how these innovators are utilizing the principles of software supply chain automation to manage the massive flow and variety of open source components and consistently deliver higher quality applications for less. Hear the findings.

ON DEMAND

Nexus Repository 3.0 is here. See it in action!

See a live demonstration of the Nexus Repository including the new runtime and improved architecture, updated interface for streamlined browse, search, and administration, newly added component formats like Docker and Bower and the new integration API. 

ON DEMAND

How to Secure Your Open Source Supply Chain

Applications, comprised of middleware and open source components, offer intruders a broad footprint and attack surface area. Join this webinar to learn how a leading global financial services firm is establishing a clean open source supply chain to support their software development and application security goals. 

ON DEMAND

Continuous Integration Using Docker


Simplify continuous integration with Docker. Listen to the panel discussion with Marcel Birkner (codecentric), Brian Dawson (CloudBees), and Curtis Yanko (Sonatype) where they share essential tips, rules, and tools for getting your CI program started on Docker today.

ON DEMAND

Running Docker in Production? A Premium Private Registry is a Must.

Before rolling Docker into production, users are demanding access to private registries to securely store and manage their Docker images. Listen to Chris Riley, DevOps analyst at Fixate, and Jeffry Hesse, Nexus product owner at Sonatype, share their thoughts on the importance of having a premium private Docker registry.

ON DEMAND

Benefit from New Industry Open Source Governance Strategies

Watch this webinar to learn how the Cyber Supply Chain Transparency and Remediation Act and the FS-ISAC Third Party Software Security Working Group guidelines are shaping the landscape with respect to modern governance of open source software risks.

ON DEMAND

Experts Share DevOps / CD Reference Architectures

Listen to the panel discussion between Dave Farley, co-author of Continuous Delivery, and Curtis Yanko and Brian Dawson, two experienced practitioners, as they discuss best practices for securing new investments, driving process changes, and selecting tools to support Continuous Delivery and DevOps practices.

ON DEMAND

A "Firewall" for Bad Binaries

Nexus repository managers first revolutionized software builds, making them faster and more reliable. Now we are arming your repositories with supply chain intelligence and policy automation to keep the bad components out. See how you can automate open source policies at the earliest possible point - your repository manager.

ON DEMAND

Continuous Acceleration with a Software Supply Chain Approach

Listen to Gene Kim, CTO, researcher and author of the best-selling book “The Phoenix Project” and Josh Corman, Sonatype CTO and co-founder of Rugged Software as they discuss how high performing organizations are applying proven supply chain principles to accelerate software delivery.

ON DEMAND