According to Gartner, by 2023, 60% of organizations will use infrastructure automation tools as part of their DevOps toolchains, improving application deployment efficiency by 25%. Join us for a live demo of our newest product, Infrastructure as Code (IaC), to learn how this add-on Pack to Nexus Lifecycle can help you secure early and everywhere across your software supply chain.
According to Gartner, by 2022, more than 75% of global organizations will be running containerized applications in production. Join us for a live demo of Sonatype’s newest product, Nexus Container, to learn how to embed container security when you need it, where you need it - early and everywhere across your software supply chain.
Brian Fox, CTO at Sonatype, and Stephen Magill, co-founder of Muse, go in-depth about Sonatype’s newest product Muse. In a live demo of Muse, they discuss how Muse goes beyond traditional linting and SAST to perform deep code analysis, far surpassing legacy tools like SonarQube. Watch the recorded session from March 2021.
When an ethical hacker announced he’d successfully breached the vulnerable software supply chains of 35 technology companies, including Apple, Microsoft and Netflix, it was no surprise to Sonatype. Hear from the research team that first broke the news as they discuss the events that led to the breaches, why this particular method of software supply chain attack is so simple and yet so effective, and what you can do to avoid exposure in the future.
Cloud and open source are eating the world — making the life of a modern CTO more challenging. Watch the first installment of our CTO Talks series as Brian Fox, CTO at Sonatype, and Josh Stella, CTO at Fugue, share their insights into trends impacting modern development.
The role of the developer continues to change as they sit on the front line of application and even cloud infrastructure security. In this webinar, we discuss the key traits of high-performing teams and how that impacts the role of the developer.
Government agencies are increasingly embracing the concept of DevOps with the DoD paving the way. Hear from our DoD panel of experts and learn how automated security practices are being implemented across the DoD and ways to apply to your agency.
Gene Kim, Stephen Magill, and Derek Weeks on September 30th explored findings from our 6th annual State of Software Supply Chain report. Over 1.5 trillion downloads, 24,000 OSS projects, and 5,600 dev teams were analyzed in this year's report.
All 40 sessions from the 2020 Nexus User Conference are available on-demand. Hear from our product owners, executives, customers, and industry thought leaders as they reveal the latest insights about Nexus, DevSecOps, and AppSec.
Derek Weeks shares the practices and outcomes discovered to differentiate the low performers from the peak performers. You’ll understand how open source projects with 1.5x more frequent releases and 530x faster open source dependency upgrades harness this speed to dramatically improve security within their code.
With the speed of development increasing, App Sec professionals realize that developers are now on the front lines of application security. Join our guests, Forrester Research and Zions Bank as they both share how organizations can move to a more proactive approach for open source vulnerability detection and remediation.
Navigate the recent recommendations for the NIST Secure Software Development Framework with DevSecOps to better understand how to mitigate software vulnerability risks. Interact with NIST Fellow, Ron Ross, and Sonatype Vice President, Derek Weeks, in a fireside chat.
Nexus Platform: New Feature Highlights Q2 2020
In June 2020 Sonatype Product Managers discussed the latest features of the Nexus Platform to include expanded language support, new SCM integrations, remediation guidance for transitive dependencies, precise intelligence via npm audit, and new repository formats.
Tune in to our highest-rated conference session from All Day DevOps Spring Break, where DevOps pros Paula Thrasher, Mike Hansen, and Ross Clanton share a number of counterintuitive aspects worth considering as those new to remote work seek to optimize their implementations and adapt to a new way of getting things done.
We heard from over 5,000 developers in our 7th annual DevSecOps Community Survey. Authors Derek Weeks & DJ Schleen review the results of the survey in their keynote address at All Day DevOps Spring Break Edition.
In March of 2020, Derek Weeks, Sonatype, and ServiceNow’s Steve Springett relayed their firsthand knowledge on how to create a Software Bill of Materials, the first step of any SCA Program.
Nexus Platform: New Feature Highlights Q1 2020
In the first product webinar of 2020, Product Managers showcase recent product enhancements across the Nexus Platform. Watch this 30 min webinar to advance your Nexus skills with new repository formats, data integrations and user experience updates.
Nexus Platform: New Feature Highlights Q4 2019
It's the last product webinar of 2019, and boy did we release some exciting features. Listen to the December 10th recording to see the latest product enhancements to the Nexus platform. Whether you're an existing customer or just learning about Nexus products, our product managers cover IQ updates, Repository updates, and reveal some exciting FREE tools for developers.
There is something to be said about engaging with the people behind the products you use and interact with every day. Sonatype Product Managers showcase the latest and greatest product enhancements in the NEXUS platform.
Software Composition Analysis
There are many vendors and disparate tools in the Software Composition Analysis (SCA) market today -- but not all are able to automate your governance initiatives at scale. Join Sonatype and 451 Research for a webinar on the core concepts and differentiators of a successful SCA program.
2019 Nexus User Conference
All 34 sessions from the 2019 Nexus User Conference are available on-demand. In its second year, 47 speakers over 10 hours shared their stories as Nexus Innovators. Topics span all aspects of the Nexus Lifecycle, Nexus Firewall, Nexus Repository and its ecosystem.
The 2019 State of the Software Supply Chain
The fifth “State of the Software Supply Chain Report” is here. Listen to what we discovered when analyzing 36,000 open source project teams, 3.7 million open source releases, 12,000 commercial engineering teams, and 6,200 development professionals.
Sonatype & HackerOne Team Up to Make Open Source Safer
Sonatype recently teamed up with HackerOne to create The Central Security Project (CSP). The first-of-its-kind program brings together the ethical hacker and open source communities to streamline the process for reporting and resolving vulnerabilities discovered in libraries housed in The Central Repository, the world’s largest collection of open source components.
Nexus Platform: New Feature Highlights Q2 2019
In May 2019, Sonatype product managers highlighted the latest product enhancements to the Nexus products during our quarterly webinar. Whether you're an existing customer or just learning about Nexus products, listen to this webinar as our product managers cover IQ updates, Repository updates, and more.
Exploring the 2019 DevSecOps Survey Results
We surveyed over 5,500 DevOps pros in 2019 and shared those results with the community on March 28, 2019. Whether you are part of a DevSecOps Elite organization or just starting on your DevSecOps journey, download this webinar where we discuss, analyze, and debate the results.
Understanding ABN AMRO's Software Supply Chain
Listen to a conversation with Stefan Simenon, Head of Centre of Expertise Software Development and Tooling at ABN AMRO, as we discuss the growing reliance on software supply chains, best practices for automating open source governance and the increasing velocity of adversary breaches.
FCW Securing Supply Chains
Today, software development teams are consuming billions of open source components and containerized applications to improve productivity at a massive scale by leveraging open source software supply chains.
DevOps at The Hartford: Securing the Software Supply Chain
Derek Weeks and Ken D’Auria from The Hartford discuss the growing reliance on software supply chains, best practices for automating open source governance, and the increasing velocity of adversary breaches. Listen to learn more.
How to Manage your Open Source Vulnerabilities
Watch this webinar to understand how security-forward organisations in Australia and New Zealand are empowering their developers by shifting left and giving them information about Open Source security and licensing.
Nexus Platform: New Feature Highlights Q1 2019
Speakers Jamie Whitehouse and Michael Prescott highlight some of the latest and greatest product enhancements. Listen in to learn about improvements to search, cleanup policies, storage, and cloud support in Nexus Repository.
DevSecOps Webinar: How to Empower Developers with Nexus Lifecycle
Learn how to deliver to developers open source component security and licensing information right in their Integrated Developer Environment (IDE). We will look at the software development lifecycle (SDLC) and how to integrate security checks at different stages. By shifting left and empowering developers, accelerating software innovation is easier, faster and safer.
DevSecOps Reference Architectures: Expert Panel
Integrating security into DevOps to deliver "DevSecOps" requires changing mindsets, processes and technology. Watch this webinar to learn what tools and processes your peers are using to scale DevSecOps.
GDPR with Sonatype, BDQ and Atlassian - Pragmatic Solutions to a Difficult Problem
With the deadline for GDPR fast approaching, what can organisations do to become compliant and remain so in their future software development? BDQ, Atlassian and Sonatype invite you to a webinar giving an overview of the legislation and a pragmatic approach on how to handle various GDPR requirements, such as documentation, data subject requests and breach reporting.
Running Docker Containers Securely in Production
Watch the Mesosphere and Sonatype webinar to learn how to better manage and secure container environments for your DevOps and CI/CD pipeline so you can build elastically data-rich, modern applications in production.
Three Fannie Mae Executives Share Their DevSecOps Journey
We are bringing together three Fannie Mae executives from development, security and operations to share their DevSecOps transformation. Learn from their journey to build a customer-centric value chain centered around automated security governance.
Post-Equifax: How to Trust But Verify Your Software Supply Chain
We've brought together TomiTribe and the Federal Reserve Bank of New York to discuss the importance of trusted software supply chains in the post-Equifax breach environment. Learn why Gartner believes that establishing, managing and maintaining trust requires an integrated approach to embed and quantify trust throughout your entire DevOps practice.
A DevSecOps Demo: Early, Everywhere, At Scale
XebiaLabs and Sonatype outline a roadmap for integrating security into DevOps processes including the essential requirements for automating security as well as the key metrics for DevSecOps success.
30 Nexus Integrations to Accelerate DevOps
No single tool can deliver on the promise of DevOps. Instead, it’s a collection of tools, easily integrated, tightly managed and effectively automated. Watch this webinar to learn more about our latest DevOps integrations and product enhancements.
DevSecOps with Jenkins, GitHub and Eclipse
Watch this webinar to learn how you can integrate automated security controls within Jenkins, GitHub, Eclipse, Visual Studio and more so you can use high quality open source components that meet corporate policies.
New Research: 2017 State of the Software Supply Chain
The 3rd annual State of the Software Supply Chain Report is here. This year's analysis extends beyond the Java ecosystem and includes a stronger emphasis on the emergence of DevOps. Watch to hear the detailed industry analysis.
Crossing the DevOps in Infosec Divide
Frequently cited as an obstacle to producing software at DevOps speed, information security is an important, yet still often neglected, element in today’s modern software delivery teams. Watch this webinar to hear the common people, process, and tool challenges enterprise DevSecOps teams are facing.
DevOps & System Modernization at Federal Agencies
Watch this webinar where we'll share how USCIS at the Department of Homeland Security worked with Coveros to modernize a mission critical system by defining an initial DevOps tool chain with open source technologies.
2017 DevSecOps Survey Results Revealed
Our 2017 DevSecOps community survey results are in. Hear how 2,292 professionals revealed that mature DevOps organizations ensure automated security is woven into their DevOps practice, early, everywhere, and at scale.
2017 All Day DevOps Recording
Watch the recordings from the biggest DevOps event of 2017. With tracks focusing on Automated Security, Modern Infrastructure, CI/CD, Government, Cultural Transformation, this event has over 100 hours of content watched by over 35,000 people.
Do You Know What's Inside Your JavaScript? Nexus Does.
Whether you’re building applications with JavaScript, Java, NuGet, or Docker containers - see how the Nexus Platform delivers truly precise component intelligence for npm, on a DevOps-native platform, automated at scale.
Why Real Time Component Intelligence Matters
Learn how organizations like Capital One, Intuit, and FedEx rely on Nexus software supply chain tools to consume real-time component intelligence, implement automated component controls and monitor components continuously throughout the software lifecycle.
New Research: 2016 State of the Software Supply Chain
We’ve studied the patterns and practices exhibited by high-performance organizations. We’ve also documented how these innovators are utilizing the principles of software supply chain automation to manage the massive flow and variety of open source components and consistently deliver higher quality applications for less. Hear the findings.
Nexus Repository 3.0 is here. See it in action!
See a live demonstration of the Nexus Repository including the new runtime and improved architecture, updated interface for streamlined browse, search, and administration, newly added component formats like Docker and Bower and the new integration API.
How to Secure Your Open Source Supply Chain
Applications, comprised of middleware and open source components, offer intruders a broad footprint and attack surface area. Join this webinar to learn how a leading global financial services firm is establishing a clean open source supply chain to support their software development and application security goals.
Continuous Integration Using Docker
Simplify continuous integration with Docker. Listen to the panel discussion with Marcel Birkner (codecentric), Brian Dawson (CloudBees), and Curtis Yanko (Sonatype) where they share essential tips, rules, and tools for getting your CI program started on Docker today.
Running Docker in Production? A Premium Private Registry is a Must.
Before rolling Docker into production, users are demanding access to private registries to securely store and manage their Docker images. Listen to Chris Riley, DevOps analyst at Fixate, and Jeffry Hesse, Nexus product owner at Sonatype, share their thoughts on the importance of having a premium private Docker registry.
Benefit from New Industry Open Source Governance Strategies
Watch this webinar to learn how the Cyber Supply Chain Transparency and Remediation Act and the FS-ISAC Third Party Software Security Working Group guidelines are shaping the landscape with respect to modern governance of open source software risks.
Experts Share DevOps / CD Reference Architectures
Listen to the panel discussion between Dave Farley, co-author of Continuous Delivery, and Curtis Yanko and Brian Dawson, two experienced practitioners, as they discuss best practices for securing new investments, driving process changes, and selecting tools to support Continuous Delivery and DevOps practices.
A "Firewall" for Bad Binaries
Nexus repository managers first revolutionized software builds, making them faster and more reliable. Now we are arming your repositories with supply chain intelligence and policy automation to keep the bad components out. See how you can automate open source policies at the earliest possible point - your repository manager.
Continuous Acceleration with a Software Supply Chain Approach
Listen to Gene Kim, CTO, researcher and author of the best-selling book “The Phoenix Project” and Josh Corman, Sonatype CTO and co-founder of Rugged Software as they discuss how high performing organizations are applying proven supply chain principles to accelerate software delivery.