Sonatype Releases 2018 State of the Software Supply Chain Report| Press Release
Thoughts and ideas from analysts, partners, and our own experts.
2018 Software Supply Chain Report
In this world, speed is critical, open source is everywhere, and security concerns are sometimes relegated to the back seat — which is why we’re once again examining the state of the open source software supply chain. Like previous reports, the 2018 State of the Software Supply Chain Report blends a broad set of public and proprietary data with expert research and analysis.
In this world, speed is critical, open source is everywhere, and security concerns are sometimes relegated to the back seat — which is why we’re once again examining the state of the open source software supply chain.
Legacy open source governance tools are prone to excessive false positives and create friction within the development lifecycle. Modern open source governance tools are powered by precise and accurate component intelligence and accelerate innovation. Read this paper to learn more.
The 2017 State of the Software Supply Chain Report blends a broad set of public and proprietary data with expert research and analysis to reveal 1. an ever expanding supply and demand for open source components, 2. how open source components of varying quality are fowing through development lifecycles and landing in production applications, and 3. how DevOps-native development teams are leveraging trusted software supply chains to improve quality, security, and productivity.
Software developers use open source and third party components to be more competitive and speed time to innovation. Because of this, open source usage is massive and it’s growing. However not all open source components are created equal. Read how you can use the Nexus platform to accelerate DevOps without sacrificing software quality.
Traditional waterfall-native security practices often don’t fit in the DevOps native world. This survey gives a better sense of how organizations are adapting, what challenges they’ve overcome, and what approaches they are prioritizing.
No single tool can deliver on the promise of DevOps. Instead it’s a collection of tools, easily integrated, tightly managed, and effectively automated. Learn how Nexus integrates with more DevOps tools you use everyday.
Agencies need security protocols that can keep pace with development practices - without holding them back. Discover how SSCA can help agencies achieve greater agility through DevOps while ensuring the code they're using is free of vulnerabilities.
Get your essential go-to-guides for both Nexus and Maven. Learn how to organize, store, and distribute components across your software supply chain using Nexus Repository. Get real practice with Maven using both the reference and example guides detailing key concepts for customizing and optimizing Maven.
We have assembled 40 real-world DevOps and Continuous Delivery reference architectures from our user community. Each of them offers insight to the user's organizational structure, tools chain, and DevOps processes. Constant themes across the tool chain reveal use of: Jenkins, Sonatype Nexus, Git, Docker, Puppet/Chef, ServiceNow, and Sonar.
Third party software is the new perimeter for every financial institution. According to Gartner, “since enterprises are getting better at defending perimeters, attackers are targeting IT supply chains. Read the guidelines published by FS-ISAC to manage risk associated with open source libraries and components.
Sonatype Headquarters - 8161 Maple Lawn Blvd #250, Fulton, MD 20759 Tysons Office - 8281 Greensboro Drive – Suite 630, McLean, VA 22102 Australia Office - 5 Martin Place, Level 14, Sydney 2000, NSW, Australia London Office - 1 Primrose St, London EC2A 2EX