Why Real-Time Component Intelligence Matters

Live Webinar

Join Sonatype co-founder Brian Fox on February 24 at 12pm ET to learn how organizations like Capital One, Intuit, and FedEx rely on Nexus software supply chain tools to:

  • Consume real-time component intelligence.
  • Implement automated component controls.
  • Monitor components continuously throughout the software lifecycle.

Yes, A "Firewall" for Bad Binaries

On-Demand Recording

Nexus repository managers first revolutionized software builds, making them faster and more reliable. Now we are arming your repositories with supply chain intelligence and policy automation to keep the bad components out and let the good components in. No more labor-intensive research and manual approval processes. Watch this on-demand recording to see Nexus Firewall live. View now!

Running Docker in Production? A Premium Private Registry is a Must

On-Demand Recording

Before rolling Docker into production, users are demanding access to private registries to securely store and manage their Docker images. With private repositories, you can provide secure, role-based access controls and have a clean chain of custody to ensure what you build is what you deploy. Watch as Chris Riley, DevOps analyst at Fixate, and Jeffry Hesse, Nexus product owner at Sonatype, discuss the importance of having a premium private Docker registry. View now!

Experts Share DevOps / CD Reference Architectures

On-Demand Recording

Dave Farley, co-author of Continuous Delivery, along with Curtis Yanko and Brian Dawson, two experienced practitioners, share powerful stories from the front lines of managing Continuous Delivery and DevOps practices in top Fortune 500 companies. Learn from their best practices for securing new investments, driving process changes, and selecting tools to support their software factories.

Italian Partner Emerasoft Presents Webinar: Sicurezza e qualità del software con Nexus Sonatype (presented in Italian)

On-Demand Webinar

The use of open source components in development processes can unknowingly introduce vulnerabilities, often known ones, caused by the use of outdated versions of those components or by the use of unnecessary components. Watch here.

New Research Reveals 24 Vulnerabilities in the Average Application

On-Demand Recording

Gain new insights on how to deliver higher quality software even faster, with less unplanned, unscheduled rework. If you are using open source components as part of development, you may be unknowingly sabotaging your efforts by introducing known vulnerabilities: shockingly, there are 24 vulnerabilities in the average application. Hear the results of an extensive analysis of open source usage across 106,000 development organizations. We’ll be drawing analogies between modern software development and traditional manufacturing supply chains, focusing on proven steps to improve speed, efficiency and quality. Watch the on-demand recording.

Carahsoft and Sonatype Partnership Kickoff Webcast: Public Sector Software Development

On-Demand Recording

As usage of Open Source Software increases in the public sector and mission-critical applications, it is important to continually secure the supply chain and select the safest components available. View this webinar to see how Sonatype's Nexus Lifecycle product helps you quickly and proactively find and replace flawed open source in your software ecosystem and achieve comprehensive and lasting governance across the entire software supply chain. View the on-demand recording.

Continuous Acceleration with a Software Supply Chain Approach

On-Demand Recording

Join Gene Kim, CTO, researcher and author of the best-selling book “The Phoenix Project”, and Josh Corman, Sonatype CTO and co-founder of Rugged Software, as they discuss how high performing organizations are applying proven supply chain principles to accelerate software delivery.

Inside the Sonatype Engineering Team - The Tooling

On-Demand Recording

Learn how our completely remote workforce leverages agile techniques and tooling such as JIRA, GitHub, HipChat and Nexus Pro+ to plan and deliver new product capabilities in two-week sprints. View the on-demand recording.

Inside the Sonatype Engineering Team - The Process

On-Demand Recording

Learn how our remote workforce works together leveraging a tool chain of Ansible, AWS, Bamboo, Docker and Nexus Lifecycle to build, release and operate our products and infrastructure. View the on-demand recording.

Strengthen Cyber Resilience with Software Supply Chain Visibility

On-Demand Recording

Our dependence on software continues to grow, powering some of our nation’s most critical infrastructure. To secure our cyber assets, we need to apply high standards to our software suppliers as well as the third party parts built into our software. Join the discussion on how open source and component-based development is driving the need for a software supply chain. Learn techniques and technologies used to vet software suppliers and known vulnerable components. Watch the on-demand recording.

Accelerating Continuous Delivery by Improving NuGet Component Management

On-Demand Recording

Use of repository managers in continuous delivery environments is shown to reduce build times 20-fold as compared to relying on public open source repositories like the NuGet Gallery. By relying on a local caching proxy for the NuGet Gallery and hosting your own proprietary NuGet packages locally, you can dramatically improve build speeds and reliability. In this session, we also show how a repository manager that integrates with NuGet helps .NET developers manage component versions, dependencies and license types using proxy facilities to ensure a continuous flow of development and faster cycle times.

Webinar: Ban Avoidable Risk and Rework on Open Source Components: Featuring Customer Story

On-Demand Recording

It's time we Raise the B.A.R.R to "Ban Avoidable Risk and Rework" and STOP using components with known vulnerabilities in our software and START building transparency and traceability of all open source components used. In this webcast, Nigel Simpson, Director of Architecture in the Media and Entertainment industry, helps us learn strategies to improve governance and reduce risk by engaging developers early in the process. View this on-demand recording.

Nexus Live: October 9, 2014 1:00pm EDT, TheNEXUS Community Sneak Peek

On-Demand Recording

During the October 2014 broadcast of Nexus Live we were able to catch up with Gene Kim and Josh Corman to find out what’s in store for the DevOps Enterprise Summit in the Bay Area at the end of the month. We also took a quick look at TheNEXUS, the new community site for Nexus, Nexus Pro and CLM. Take a look.

Webinar: See the Sonatype Product Roadmap Revealed

On-Demand Recording

For years, development teams and now security professionals have looked to Sonatype for better management of open source and third party components across the software supply chain. Watch our live product roadmap discussion to learn more about our commitment to helping you achieve real business value from your enterprise applications more quickly, with efficiency, quality and security addressed across the software lifecycle. See how new product advancements for more component languages, a consolidated risk management dashboard and expanded integration points across the SDLC can bring enterprise-class component management to your development operations.

ISSA Webinar: What's in your Software? Identifying Open Source Vulnerabilities

On-Demand Recording

New software enters our security ecosystems daily. When we evaluate the software we look for vulnerabilities in the product. Of course we run functional tests, or break out our favorite scanner, to see if there is embedded malware or dangerous deployment requirements, or even bugs in the program. When done, it gets deployed. What happens after deployment is important, but also gets missed. Of course we will catch new vulnerabilities that are directly related to the product, but what about vulnerabilities in the third party components included in the product? Recently this point was driven home by the numerous vulnerabilities in OpenSSL. This panel will leverage the insight from seasoned industry leaders as we hear their thoughts and reactions to Heartbleed.

Nexus Live: July 31, 2014 4:00pm EDT, The Atlassian Story with guest Tim Pettersen

On-Demand Recording

In this installment of Nexus Live, we spoke with Tim Pettersen, Developer Advocate at Atlassian, and we found out what's in store for future releases and how his team is using Nexus to help manage their open source projects.

Webinar: Open Source Development and Application Security Survey: The Results are In!

On-Demand Recording

Over 3,300 participated! The final results of our 4th Annual Open Source and Application Security Survey are in. Adrian Lane from Securosis and Brian Fox from Sonatype provide a detailed breakdown of the findings from a developer and an application security perspective. They discuss policies, practices, and breaches as well as how organizations can use these results to create constructive conversations to feed their open source security management practices.

Nexus Live: June 5th with Damon Edwards, SimplifyOps

On-Demand Recording

Join us in a Google Hangout, where our guest will be Damon Edwards from SimplifyOps, talking about their tool "RunDeck", which can be used side-by-side with the Nexus Repository.

RSA Webinar: Software Liability?: The Worst Possible Idea (Except for all Others)

On-Demand Recording

While many had hoped that market competition would influence security improvements, customers are forced to accept software as is with no alternatives. Software is responsible for our critical infrastructure, cars, medical devices and is a part of our daily lives including our well-being. Will we be able to achieve better software security without vendors facing financial consequences? View the on-demand recording.

Webinar: Lessons Learned from Heartbleed, Struts and the Neglected 90%

On-Demand Recording

Watch this insightful and witty discussion between two old pals, Wendy Nather, Security Research Director at 451 Research, and Josh Corman, CTO at Sonatype, on the state of application security today. They share their perspectives on the changing landscape of application development and how this is impacting common application security approaches. They agree the dramatic shift from source code to component-based development has created an open source security gap. With component vulnerabilities becoming national news, Heartbleed, Struts and the promise of more to come, now is the time to address this growing security gap.

Webinar: Introducing a New Level of on Demand Application Security

On-Demand Recording

Sonatype and HP Fortify are the first to deliver a new level of application security that includes static and dynamic testing coupled with open source component analysis. Watch this on-demand session to learn how your organization can use Fortify on Demand with Sonatype's Open Source Visibility Report to gain complete visibility into what components you are using and whether there are known vulnerabilities or license obligations that bring risk to your organization and your customers.

Nexus Live: March 2014 - The First 2 Minute Challenge

On-Demand Recording

In the discussion today we'll start with the most recent Nexus Advisory update, issue the 2 Minute Nexus Challenge to Manfred Moser, and talk with Rich Seddon from the Nexus support team.

Webinar: FS-ISAC Best Practices for Managing Risk from Open Source Libraries & Components

On-Demand Recording

In December of 2013, the FS-ISAC Third Party Software Security Working Group released new controls to manage risk associated with open source libraries and components. These controls recommend that financial institutions apply policy management and enforcement as well as inventory management for open source libraries and components used in their application portfolio. The webinar features Jim Routh, Aetna's Chief Security Officer, and Joshua Corman, Sonatype's Chief Technology Officer.

Webinar: New PCI Requirements for Component Security

On-Demand Recording

With 12 major requirement categories and more than 250 individual requirements, PCI compliance has always been a challenge. Now that PCI and the OWASP Top 10 have been updated to address the use of vulnerable components in applications, companies have a new challenge to deal with. Listen to Monika Liikamaa, Director of Crosskey Card Solutions, as she shares best practices to consider when preparing your PCI Compliance efforts as well as how Crosskey was able to achieve full PCI Compliance for component security in just 6 weeks.