
White Papers

Key thoughts and ideas from industry analysts, partners, and our own experts.

2017 State of the Software Supply Chain

We live in an application economy where software has shifted from being a driver of nominal efficiency gains to an enabler of new customer experiences and markets. To compete effectively on a global playing field, companies aren’t just writing software — they’re manufacturing it as fast as they can using an infinite supply of open source component parts, machine automation, and supply chain-like processes.

Accelerate DevOps Early, Everywhere, at Scale

Software developers use open source and third-party components to be more competitive and speed time to innovation. Because of this, open source usage is massive and it’s growing. However, not all open source components are created equal. Read how you can use the Nexus platform to accelerate DevOps without sacrificing software quality.

30+ Nexus Integrations to Accelerate DevOps

No single tool can deliver on the promise of DevOps. Instead it’s a collection of tools, easily integrated, tightly managed, and effectively automated. Learn how Nexus integrates with more of the DevOps tools you use every day.

2017 DevSecOps Community Survey

Traditional waterfall-native security practices often don’t fit in the DevOps-native world. This survey gives a better sense of how organizations are adapting, what challenges they’ve overcome, and what approaches they are prioritizing.

JavaScript: Thou Shall Not Depend On Me

Six researchers from Northeastern University offer a comprehensive study of JavaScript library usage and the resulting security implications. Analysis of 133,000 websites reveals that 37% of them include at least one library with a known vulnerability.


Four Strategies for Securing Federal Applications at the Speed of DevOps

Agencies need security protocols that can keep pace with development practices - without holding them back. Discover how SSCA can help agencies achieve greater agility through DevOps while ensuring the code they're using is free of vulnerabilities.

DevSecOps: How to Seamlessly Integrate Security Into DevOps

Gartner predicts that more than 70% of enterprise DevOps initiatives will incorporate automated security vulnerability and configuration scanning for open source components, commercial packages, and containers by 2019.  


Forrester Research on DevOps and Software Supply Chain Management

Use DevOps and Supply Chain Principles to Automate Application Delivery Governance

Forrester describes how application delivery organizations are applying automated supply chain management practices to improve both application delivery governance and business results.

Precision Matters

Sonatype is committed to making sure we can deliver a truly precise and DevOps-native approach to open source component intelligence. Learn how Sonatype took a different approach, and why precision matters when helping teams accelerate software innovation, quality, and security.



DevOps and Continuous Delivery Reference Architectures

We have assembled 40 real-world DevOps and Continuous Delivery reference architectures from our user community. Each of them offers insight into the user's organizational structure, tool chain, and DevOps processes. Constant themes across the tool chain reveal use of: Jenkins, Sonatype Nexus, Git, Docker, Puppet/Chef, ServiceNow, and Sonar.



Sonatype Embraces Security in DevOps with Nexus Visibility and Automation

451 Research finds value in the Sonatype strategy to apply Deming supply-chain principles to boost developer productivity and speed while diminishing security issues and risk. Read the complete analyst write up on Nexus Software Supply Chain solutions.



2016 State of the Software Supply Chain Report

Over the past decade, software development practices have witnessed significant changes that have greatly improved velocity, agility, and innovation. Read this report to see how organizations are applying traditional supply chain principles to software development and having transformative effects.



Improve RMF Practices Through Automation

Learn how Federal agencies can employ software supply chain automation to closely align with each step of their Risk Management Framework practice.

Concepts and Benefits of Repository Management

The proliferation and usage of many varied public repositories has triggered the need to improve the process for organizing, storing, and distributing software components at a local level. Read why a fully scalable component repository should be at the heart of your supply chain.



Appropriate Software Security Control Types for Third Party Service and Product Providers

Third-party software is the new perimeter for every financial institution. According to Gartner, “since enterprises are getting better at defending perimeters, attackers are targeting IT supply chains.” Read the guidelines published by FS-ISAC to manage risk associated with open source libraries and components.



How to Get Infosec & Legal Teams Invited to the DevOps Table

With automated discovery, approval, and tracking of open source components, InfoSec and legal teams are no longer the bottleneck to development teams. Read how Nexus Software Supply Chain solutions are enabling software development and delivery teams to go even faster, while simultaneously working with security and legal to achieve greater quality and security.

Software Supply Chain Automation: Beyond Lean, Agile, and DevOps

The latest wave of application development has enabled speed, increased throughput and unlocked innovation, but revealed hidden inefficiencies and risk. Read the 3 key principles of supply chain management now transforming the way software is built and delivered.



Get Maven and Nexus eBooks

Get your essential go-to-guides for both Nexus and Maven. Learn how to organize, store, and distribute components across your software supply chain using Nexus Repository. Get real practice with Maven using both the reference and example guides detailing key concepts for customizing and optimizing Maven.
