Many development teams view security as an impediment to agility and innovation, but efforts over the past few years have tried to integrate security controls and testing directly into DevOps workflows without sacrificing development speed and deployment flexibility.
Sonatype released the next generation of its free Repository Health Check (RHC) feature within its flagship Nexus Repository product. All 120,000 organizations using Nexus will benefit immediately from the ability to automatically analyze the quality and security of open source software components housed within their Nexus Repository as part of their DevOps pipeline.
With two international cyber-crime conferences in Belfast in the same week, we're asking whether your company can stay ahead of the hackers. Wendy Austin is joined by Shannon Lietz, DevSecOps lead at Intuit; Mark Miller, senior storyteller at Sonatype; and David Crozier of Queen's University spinout CSIT.
DevOps can help develop software faster, but that's not making it any safer. DevSecOps is an effort to bring security into the mix. Here are some ways to get started.
Sonatype released the next generation of its free Repository Health Check (RHC) feature within its flagship Nexus Repository product. As of today, all 120,000 organizations using Nexus will benefit immediately from the ability to automatically analyze the quality and security of open source software components housed within their Nexus Repository as part of their DevOps pipeline.
Today's development practices continue to evolve toward the fast iterations of smaller builds. Developers are using approaches like microservices to chunk out monolithic applications into a sum of more rational and reusable mix-and-match elements.
Sonatype announced that its Nexus Firewall will offer support for automated governance of PyPI components before the end of the quarter.
Mature development organizations make sure automated security is built into their DevOps practice early, everywhere and at scale, according to a new report by Sonatype.
When developers and suppliers carefully list the tools used to build an application and what third-party components are included, IT can improve software patching and updates.
The DevOps Express initiative aims to streamline the way enterprises transform their software development and delivery processes to DevOps.
The software world is being flooded with open source product. In fact, the federal government has an open-source-first policy. But maybe it's time to stop and think about sources of open source. Where does all that code originate? The software supply chain. That's something Derek Weeks, vice president and DevOps advocate at Sonatype, looks at carefully. He joins Federal Drive with Tom Temin.
What: The 2016 State of the Software Supply Chain report from Sonatype, detailing the use of open source components in software. Why: Because 80 to 90 percent of today’s software applications are made of component parts, and increasingly of open source components, defect rates and security and quality issues abound within the software supply chain. Adopting supply chain automation principles, however, could reduce vulnerabilities.
Companies that develop enterprise applications download over 200,000 open-source components on average every year -- and one in 16 of those components has security vulnerabilities.