Articles


02-22-2017
When it Comes to Application Security, "Doing Your Homework"​ Matters by Matthew Barker
They say software is eating the world, very true, but it has become even more clear that OSS components are eating the software world. This amazing revolution is driving unimagined gains in innovation and efficiency in our ability to deliver soft...
02-21-2017
Improving Build Time of Java Builds on OpenShift by Jorge Morales
Improving Build Time of Java Builds on OpenShift Since we released OpenShift 3 back in July 2015, one of the most common questions I get from developers is how to get better build time for Java based builds. In this post, I will guide you th...
02-18-2017
AppSec EU 2017 Belfast - What to Expect by Mark Miller
In mid-May I'll be joining the organizing team of AppSec EU 2017 in Belfast for a week of security and DevOps sessions. Listen in as Gary Robinson, Michelle Simpson and Owen Pendlebury talk about what's planned for the week.
02-16-2017
Using Nexus 3 as Your Repository - Part 3: Docker Images by Rafael Eyng
This is the third and last part of a series of posts on Nexus 3 and how to use it as repository for several technologies. (Part 1. Part 2.) Installation Check out the first part of this series to see how we installed and ran Nexus 3 using a sin...
02-15-2017
Culture Hacking at RSAC 2017 with Shannon Lietz by Shannon Lietz
On Monday, February 13, Shannon Lietz gave a quick, 20 minute overview of her investigations and implementation of Culture Hacking at Intuit. Below is the extended version of that presentation, including audio and the slide deck. Shannon will continu...
02-15-2017
CI/CD with OpenShift by Siamak Sadeghianfar
Releasing software frequently to users is usually a time-consuming and painful process. Continuous Integration and Continuous Delivery (CI/CD) can help organizations to become more agile by automating and streamlining the steps involved in goin...
02-14-2017
Using Nexus 3 as Your Repository - Part 2: Npm Packages by Rafael Eyng
This is the second part of a series of posts on Nexus 3 and how to use it as repository for several technologies. Also available is "Part 1, Maven Artifacts" by Rafael Eyng. npm install can take too long sometimes, so it might be a good idea t...
02-09-2017
Full Program for DevOps Connect: DevSecOps Track at RSAC 2017 by Mark Miller
Next week, Monday, February 13, DevOps.com and Sonatype are co-hosting the DevOps Connect: DevSecOps track at RSAC 2017 in San Francisco. This is the largest security conference in the world, including DevOps sessions all day Monday, plus more pl...
02-08-2017
Using Nexus 3 as Your Repository - Part 1: Maven Artifacts by Rafael Eyng
This article is the first in a three part series by one of our community advocates, Rafael Eyng. You can follow his work at CodeHeaven.io Installation Install it with docker: docker run -d -p 8081:8081 -p 8082:8082 -p 8083:8083 --name my-nexus s...
02-07-2017
Achieving CI/CD with Kubernetes by Ramit Surana
Hola amigos !!(In English - Hello Friends !!) Hope you are having a jolly good day ! Continuous Integration/Delivery is best said in terms of Martin Fowler, according to him it can be defined as, “Continuous Integration is a software developmen...
02-02-2017
Sonatype Nexus installation using Docker by Rajesh Kumar
Sonatype Nexus installation using Docker 1. Download the Docker image using following commands.. # docker pull sonatype/nexus   2. Build an image from a Nexus Dockerfile # docker build --rm --tag sonatype/nexus oss/ # docker build --rm -...
02-01-2017
Nexus Firewall – Quality at Velocity by Mike Hansen
Repository managers like Nexus and Artifactory have been serving software components for development teams and their tooling for years now.  This November, we are introducing an innovative way to improve speed and reduce risk through the quarant...
01-31-2017
Running the Nexus 3 Docker Container with SSL by Simon Hardy
Better write this down while it's fresh. The container itself does not run with SSL, so you have to use a reverse proxy to do that for you. Here's how to do it... Create a Docker Network We'll use this to allow our Nexus container to talk to our NG...
01-26-2017
The Containers and I – Part Two by Fred Thiele
For clarification upfront: The “I” stands for Intershop and with that series of articles I want to elaborate a little bit on our recent adventures into the latest and biggest hype within the IT scene, which undoubtedly is Docker, the most suc...
01-25-2017
How To Install Latest Sonatype Nexus 3 On Linux by Bibin Wilson
Sonatype Nexus is one of the best repository managers out there. It is some tool that you cannot avoid in your CI/CD pipeline. It effectively manages deployable artifacts. Sonatype Nexus 3 On Linux Ec2 This article guides you to install and con...
01-24-2017
DevOps for Small Organizations: Lessons from Ed by Derek Weeks
Ed was demoralized. He had just heard a speaker who would change his life. He knew he needed to change, and he knew what the end goal was. He just didn’t know how to get there. He needed fresh air. He needed endorphins. What better way to do that t...
01-23-2017
Java AutoModules Considered Bad for Your Health by Brian Fox
Preface: We have sent the following information to the Jigsaw working group to help advise on some potentially significant impacts on the Java ecosystem that not many people are aware of. We are making this more public to gather more feedback from...
01-20-2017
Speakers and Schedule for DevOps Connect: DevSecOps at RSAC 2017 by Mark Miller
For the third year in a row, DevOps.com and Sonatype are co-organizers of DevOps Connect at RSAC 2017 in San Francisco, Monday, February 13. As automated security continues to gain traction as an integral part of the DevOps pipeline, we are con...
01-19-2017
DevOps Tutorial (Part 3): Artifact Management by Scott Rich
This DevOps Tutorial is Part 3 of my series on Java Project Versioning. Check out the other articles: DevOps Tutorial (Part 1): Introduction to Project Versioning with Maven DevOps Tutorial (Part 2): Use Maven Release Plugin to Manage V...
01-17-2017
Shannon Lietz - Keynote Preview for AppSec EU 2017, Belfast by Mark Miller
Shannon Lietz, DevSecOps Lead at Intuit, will be giving a keynote presentation at AppSec EU 2017, Belfast. I talked with Shannon about what she will be presenting and why she is so excited to return to Ireland.  
01-17-2017
Nexus Build Extension for Team Services by Jason Sholl
We are pleased to announce the new Integrate with Sonatype Nexus extension available from the Visual Studio Marketplace for Team Services and Team Foundation Server (TFS). This extension adds a build task which makes it easy to upload your ...
12-20-2016
Nexus Repository 3.2 Enhances Support for Backups, Docker, and Firewall by Michael Prescott
The Nexus Repository team is pleased to announce the immediate availability of Nexus Repository Pro and OSS 3.2 just in time for the holidays. New and Noteworthy Backup & Restore.  We’ve made two improvements to Nexus Repository for a better...
11-30-2016
2016 AppSec USA - An Update on the WebGoat Project by Mark Miller
WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. It is one of the most used projects at OWASP. With the current team headed by Bruce Mayhew, Nanne Baars and Jason White, wor...
10-12-2016
AppSec USA 2016: Core Rule Set Project Update w/ Chaim Sanders [AUDIO] by Mark Miller
The OWASP ModSecurity Core Rule Set Project's goal is to provide an easily "pluggable" set of generic attack detection rules that provide a base level of protection for any web application. Chaim Sanders,Ryan Barnett, Christian Folini and Walter Hop ...
10-09-2016
The Future of DevSecOps w/ Shannon Lietz and Chris Swan, Live From IP Expo London by Mark Miller
This is a live recording from 2016 IP Expo London, with Shannon Lietz (Intuit), Chris Swan (CSC) and host Mark Miller (Sonatype) discussing the future of security as it relates to DevOps. Shannon and Chris are real world practitioners, bringing stori...
09-19-2016
2016 OWASP Board Election Interviews - Part Four of Four - Members, Projects, Conferences, Chapters by Mark Miller
Today's OWASP 24/7 Podcast is the fourth in a series of four, talking with prospective 2016 board members. Today's question is, "What is more important to you as a candidate 1) Members 2) Projects 3) Conferences 4) Chapters " The format for today'...
09-18-2016
2016 OWASP Board Election Interviews – Part Three of Four – Most Important Issues by Mark Miller
Today's OWASP 24/7 podcast is the third in a series of four, talking with prospective 2016 board members. Today's question is, "What is the single most important issue for you to tackle if elected to the board?" The format for today's Q&A with...
09-15-2016
2016 OWASP Board Election Interviews – Part Two of Four – Vendor Neutrality by Mark Miller
Today's OWASP 24/7 podcast is the first in a series of four, talking with prospective 2016 board members. Today's question is, "Do you consider vendor neutrality an issue at OWASP? If so, why?" The format for today's Q&A with potential board m...
09-14-2016
2016 OWASP Board Election Interviews - Part One of Four - Developer Participation by Mark Miller
Today's OWASP 24/7 podcast is the first in a series of four, talking with prospective 2016 board members. Today's question is, "What kind of action plan do you have in mind to help motivate the participation of Developers into OWASP community." Th...
09-14-2016
Introducing the Nexus Jenkins Plugin by Justin Young
Automated Publishing As a long time Java developer, I’ve always depended on the Maven build process to automatically publish my artifacts to a Nexus Repository Manager.  This automated process was made possible thanks to some very useful plugins ...
09-13-2016
All Day DevOps: Bringing DevOps to the World by Mark Miller
Update: Pre-conference registration is open. The global audience for DevOps is expanding faster than any one person or company can keep up with. While DevOps Days and other regional events provide invaluable support to their local communities,...
09-12-2016
Nexus Repository OSS 3.0.2 Release by Michael Prescott
The Nexus team is pleased to announce Nexus Repository OSS 3.0.2. We’re rolling out support for two popular formats: PyPI and RubyGems, in addition to a raft of bug fixes. This brings the family of freely available formats in Nexus Repositor...
09-09-2016
AppSec USA 2016 Pre-Conference Update by Mark Miller
From October 11 - 14, 2016, appsec professionals from around the world will gather in Washington DC to participate in one of this year's main OWASP events, AppSec USA 2016. In this broadcast of OWASP 24/7, I speak with three organizers of the event (...
08-18-2016
Security as Part of Continuous Delivery with Sacha Labourey by Mark Miller
Continuing the theme of integrating security in DevOps processes, I spoke with Sacha Lebourey, CEO of Cloudbees, during a stop at CD Summit in London. As one of the main players in the software supply chain for DevOps, I was interested in Sacha's per...
08-15-2016
Upgrade Nexus Repository Manager 2 to 3: Get Early Access by Jeffry Hesse
A Double Dose Of Sonatype Awesomeness: Get Early Access, Test Out Upgrade! After a bunch of fun (and midnight oil) behind the scenes, we’ve hit a point where we want to invite a limited group of users to upgrade Nexus Repository Manager 2 to 3, ...
07-28-2016
Tame The Ruby Colored Snake: Python + RubyGems + Repository Manager OSS Early Access by Jeffry Hesse
UPDATE: September 8, 2016, from Joe Tom Interested parties, for your awareness: Because Sonatype is releasing version 3.0.2 very soon (as soon as mid-September 2016) which includes PyPI and RubyGems support, we are no longer releasing early ac...
07-21-2016
Unicorns on an Aircraft Carrier: DevOps Security at Scale with Sanjeev Sharma by Mark Miller
Sanjeev Sharma is a Distinguished Engineer at IBM. His main concern is how DevOps initiatives scale in large enterprises. In this wide ranging discussion recorded during CD Summit in Stockholm, I talk with Sanjeev about DevOps adoption, how security ...
07-11-2016
2016 State of the Software Supply Chain Report Released by Mark Miller
The 2nd Annual State of the Software Supply Chain Report has been released, containing information on open source download patterns from over 3000 organizations. The report is a Sonatype research project, analyzing data from over 31 billion downl...
07-06-2016
Security as Part of DevOps and Development with Jason Schmitt by Mark Miller
Jason Schmitt's passion is to assure security is built into the development process, not just as a bolt-on add-on. His experience in various aspects of software security has led him on a path through mobile, application and cloud security. In our ...
07-05-2016
July 5, 2016: 5 DevOps Podcasts for your Morning Commute by Mark Miller
No need to hunt around for the latest in DevOps podcasts. It's the Tuesday morning refresh, July 5, 2016, highlighting 5 DevOps podcasts for your morning commute. Am I missing a podcast you think should be featured? Leave a comment below and I'll che...
07-05-2016
Brandon Holcomb - An Innovator's Journey to DevOps by Mark Miller
Brandon Holcomb, VP Technology, Global Platforms at Equifax, is worried about scaling IT projects at large enterprises. As head of infrastructure at Equifax, and previously at Home Depot, Holcomb has led large, transformational projects while co...
07-01-2016
Interviews and Insights from AppSecEU 2016 by Mark Miller
At AppSecEU 2016 in Rome, Italy, I sat down with project leads and session leaders to hear what they were working on and what they would like the community to know about their projects and plans. Interviews will be added to this list as they beco...
06-30-2016
Packaging and Shipping Rails Applications in Docker by Allan Espinosa
You’re very happy as a Rails developer for drinking the Docker kool-aid. You just need to toss a Docker image to your Ops team and you're done! However, like all software projects, your Docker containers start to decay. Deployment takes days to...
06-29-2016
Using Nexus 3 as a Private Docker Registry by Stephan Hochdörfer
For a long time I was planning to use Docker at my company bitExpert AG but realized that if we wanted to make use of Docker we needed a private registry to store (and share) the different containers needed for our projects. Unfortunately most Do...
06-29-2016
Interview with Mark Miller, Sonatype Senior Storyteller, DevOps Evangelist by Mark Miller
In this episode from the OWASP 24/7 Podcast Series, Jim Manico turns the tables on me for his 100th podcast. He digs into my past, asks about my motivations for participating in OWASP, asks how I got started at Sonatype, how marketing plays a rol...
06-28-2016
June 28, 2016: 5 DevOps Podcasts for your Morning Commute by Mark Miller
No need to hunt around for the latest in DevOps podcasts. It's the Tuesday morning refresh, highlighting 5 DevOps podcasts for your morning commute. Am I missing a podcast you think should be featured? Leave a comment below and I'll check it out. ...
06-22-2016
The Reports of Agile's Death have been Greatly Exaggerated by Mike Hansen
Twain quip aside, the posts about how agile is dead are rather frequent, with their either salacious or juicy narratives depending on your own experiences.   Have their been failures?  Of course.  Dogma and religious zealotry stemming from ...
06-21-2016
5 DevOps Podcasts for this Week's Commute by Mark Miller
It's Tuesday, the initial flood of "to do's" has passed through the inbox and now it's time to determine what's on the agenda for the rest of the week. There are some pretty great DevOps podcasts floating around, so I'm listing my top five for th...
06-13-2016
<— Shifting Security to the Left by Shannon Lietz
Software is assembled from many component parts to quickly address customer needs.  The end-to-end process of delivering value through software starts with ideation and ends with a finished product or service that significantly improves th...
06-10-2016
Managing Java Dependencies with Nexus Lifecycle by James Nicholson
A typical Java application can have hundreds of external dependencies that include proprietary libraries and others from many different sources. Tools such as Maven, make adding and managing these dependencies easy, but by themselves they aren'...
06-08-2016
An Innovator's Journey: 8 Interviews by Mark Miller
The Innovator’s Journey to DevOps, is a series of interviews profiling individual DevOps practitioners who are transforming the way developers, IT operations, and security professionals collaborate to accelerate software innovation. These are r...
06-08-2016
Integration with Nexus Repository 3 by Manfred Moser
Nexus Repository supports new repository formats such as Docker and Bower and introduces a fresh, clean user interface among other advantages. Adopting or upgrading repository manager often means that you need to update the configuration for your...
05-24-2016
Sonatype Automated Deployments with Atlassian Bitbucket Pipelines by Manfred Moser
With the release of Atlassian’s new Bitbucket Pipelines, you can now configure your project to have continuous builds performed in the cloud easily. Powered by the knowledge of Atlassian on how to run large infrastructure for tools such as Confluen...
05-19-2016
Implementing a DevOps Strategy Across Multiple Locations and Product Teams by Stephen Williams
Over the last 18 months, a change has begun within the Ticketmaster International Team. Barriers are being broken down between the engineering and operational teams, our different product delivery teams are being aligned and knowledge sharing across ...
05-11-2016
Migrating to Nexus Repository 3 - Easy Peasy by Manfred Moser
Nexus Repository Manager 3 is released and available to everyone as the free OSS distribution. With the increased support for different repository formats and numerous other advantages, we've got thousands of new users adopting it. Users of N...
05-03-2016
Nexus Lifecycle and IntelliJ IDEA by Jeff Wayman
Our roots are deeply secured to the development community at Sonatype. While Nexus products now span roles and responsibilities across an organization, we’re always looking to consider the needs of our developer tribe. We make it a point to con...
05-02-2016
Puppet-eering the Nexus Repository Manager by Manfred Moser
The popular configuration management tool Puppet is widely used to provision and manage myriads of servers. It can be used to install software initially, configure it and update it. Doing all that is easy since you can describe the configuration ...
04-25-2016
Gitflow, Maven, and CI Done Right: Part 1 – Teaching Maven New Tricks by Bryan Varner
A Note from Brian Varner: Hi, I’m Bryan. This is my first blog post from E-gineering. I want it to be memorable. I want it to be epic. I want it to be informative. I want to convey how much time I’ve spent over the years looking for an elega...
04-20-2016
Nexus IQ Server 1.20 Now Available by Jamie Whitehouse
Today we’ve announced the release of Nexus IQ Server 1.20, the underlying technology that supports our Continuous Component Intelligence product line: Nexus Lifecycle, Nexus Firewall, and Nexus Auditor. While there are many changes, but I’...
04-19-2016
Seven Habits of Rugged DevOps - Amy DeMartine at RSAC 2016 [VIDEO] by Mark Miller
Editor’s Note: This video is from the 16 part series, “DevOps Connect: Rugged DevOps at RSA Conference 2016”. The entire series is available, on-demand to members ofTheNexus Community. https://www.youtube.com/watch?v=BDzFVFpgtcU View the vi...
04-19-2016
Impressions from DevOpsDays Vancouver 2016 by Manfred Moser
DevOpsDays are always a great event for a geek to attend. You get to chat to fellow hackers and coders and therefore people, who actually understand what you are talking about. The vibe that results from these conversations is always amazing. Pre...
04-14-2016
Uploading Artifacts into Nexus Repository via PowerShell by Mario Majčica
It may not be the most common thing, however it may happen that you need to upload an artifact to a maven repository in Nexus via PowerShell. In order to achieve that, we will use Nexus REST API which for this task requires a multipart/form-data ...
04-13-2016
A Dozen Reasons Why Nexus Repository 3.0 Kicks Ass by Manfred Moser
With the release of Nexus Repository Manager OSS 3.0, you might be wondering if it is worth checking out. In my opinion there is no reason not to, since it can be done easily. More importantly, there are lots of reasons to have a look: 01: Insta...
04-12-2016
2015 in Review: Failures in Public Safety and Privacy w/ Kim Zetter [Video] by Mark Miller
https://www.youtube.com/watch?v=6_wZefFFUCw View the video on YouTube: 2015 in Review: Failures in Public Safety and Privacy Editor's Note: This video is from the 16 part series, "DevOps Connect: Rugged DevOps at RSA Conference 2016". The entire s...
04-12-2016
Why I Chose Nexus Repository Over Artifactory When Using Docker by Asaf Mesika
A couple of days ago, I needed to setup Logz.io’s first internal Maven repository. We’re a youngish company in the field of Log Analysis and haven’t needed a Maven repository so far. We rely heavily on open source technologies but the need to...
04-06-2016
Spring Into The Future: Nexus Repository Manager 3.0 Release by Jeffry Hesse
Today, we are super stoked to deliver the culmination of quite a few awesome people’s effort, an update to the product I hold near and dear: Sonatype’s Nexus Repository. Just in time for cherry blossoms, thawing landscapes, and warmer days...
04-05-2016
Ops Happens: Improve Security Without Getting in the Way - Damon Edwards at RSAC 2016 [Video] by Mark Miller
https://www.youtube.com/watch?v=uOIqNN1sftA View on YouTube: Ops Happen: Improve Security Without Getting in the Way Editor's Note: This video is from the 16 part series, "DevOps Connect: Rugged DevOps at RSA Conference 2016". The entire series is...
04-04-2016
Use Nexus Repository Manager OSS as Nuget Server - Part 03 by Mario Majčica
.   Editor's Note: This is a three part series by Mario Majčica. In Part 01, Mario walks through the setup of Nexus as a NuGet Proxy. In Part 02, he examines other considerations (Proxy, License and Vulnerability Tracking, Maintenance,...
04-01-2016
Communication Patterns in Open Source Component Supply Chains by Mark Miller
Editor's Note: After the publication of this article, I was able to speak with Dr. Murphy about the research for her project and the future plans for her and Dr. Marc Palyart to extend the project. You can listen to the full interview below. ...
03-31-2016
Use Nexus Repository Manager OSS as Nuget Server - Part 02 by Mario Majčica
Editor's Note: This is a three part series by Mario Majčica. In Part 01, Mario walks through the setup of Nexus as a NuGet Proxy. In Part 02, he examines other considerations (Proxy, License and Vulnerability Tracking, Maintenance, Support and Do...
03-29-2016
What We Learned From Three Years of Sciencing the Crap Out of DevOps [VIDEO] by Mark Miller
  https://youtu.be/cJVUtbSmXaM Editor's Note: This video is from the 16 part series, "DevOps Connect: Rugged DevOps at RSA Conference 2016". The entire series is available, on-demand to members of TheNexus Community. Jez Humble and Nicole F...
03-29-2016
Use Nexus Repository Manager OSS as Nuget Server - Part 01 by Mario Majčica
Editor's Note: This is a three part series by Mario Majčica. In Part 01, Mario walks through the setup of Nexus Repository Manager OSS as a NuGet Server. In Part 02, he examines other considerations (Proxy, License and Vulnerability Tracking, Mai...
03-28-2016
Jenkins and Nexus for Micro-Service Deployments by Pradeep Macharia
Editor's Note:We'll be in Dallas next week, April 4 - 5, 2016, with our friends from Jenkins/Cloudbees as we continue our Rugged DevOps mission to automate the software supply chain. If you're in the Dallas/Fort Worth area, we'd love to see you t...
03-25-2016
npm gate - Lessons Learned Again by Manfred Moser
The recent events in the world of JavaScript developers and npm definitely caused a storm on twitter and the internet in general. If you want to find out more around the kik package, the trademark threats, the unpublishing of the left-pad package...
03-19-2016
April in Dallas: The Nexus 2016 World Tour Begins by Mark Miller
Coming off an extremely successful Rugged DevOps at RSA Conference 2016, the Sonatype team will be hitting the road for the Nexus World Tour, starting in April. In the first leg, you can find us in Dallas, Chicago and Boston, with stops in b...
03-11-2016
16 Sessions from Rugged DevOps at RSAC 2016 to be Released on Video by Mark Miller
Following on the heels of a very successful Rugged DevOps at RSA Conference 2016, DevOps.com and Sonatype Nexus are set to release the recorded sessions from the event. This is the complete set of presentations, each with fully synced slides and ...
03-11-2016
Continuous Integration Platform Using Docker Containers: Jenkins, SonarQube, Nexus, GitLab by Marcel Birkner
In 2016, the concepts and advantages of Continuous Integration (CI) should be well known to most software developers. There are plenty of tools, books and blog articles that cover that topic. One of the first articles was written in 2006 by Ma...
03-07-2016
The Low Cost of High Caliber Developers by Mike Hansen
There is a vast difference in individual developer productivity.  You could argue that for certain intractable problems that there is an infinite difference in productivity since some developers will just never be able to solve a certain problem...
02-29-2016
DevOps Connect: Rugged DevOps at RSA by Chris Riley
Live blog from DevOps Connect - get the slides now by emailing mmiller@sonatype.com Note: this page does not auto-refresh It is time for me to sign off. The Rugged DevOps sessions at DevOps connect were, well rugged. They brought reality to DevOps...
02-10-2016
Get a Free Pass to DevOps Connect: Rugged DevOps at RSAC by Mark Miller
DevOps combined with security is a hot topic as enterprises are implementing DevOps methodologies and tools into their developer solutions. Even Forrester, in their "Seven Habits of of Rugged DevOps", acknowledges the movement to more automation....
02-04-2016
Sonatype Closes $30 Million Financing by Wayne Jackson
From Wayne Jackson, CEO, Sonatype At Sonatype, we know two things are true: Security, quality, and speed are critical to modern software (business) success. The world’s best software starts with the world’s best components. That...
02-02-2016
Continuous Delivery: How to Transform Application Release [VIDEO] by Derek Weeks
This past November at CA World 2015, we participated in a panel discussion on transforming application development and release with Continuous Delivery and DevOps practices.  The panel included: Tim Mueting: CA's Release Automation soluti...
02-01-2016
Dance Card for DevOps Connect: Rugged DevOps at RSAC by Mark Miller
Important Update We have free passes for those who'd like to come to DevOps Connect: Rugged DevOps at RSA Conference starting on February 29, 2016. Read the article, Get a Free Pass to DevOps Connect: Rugged DevOps at RSAC, register for your pas...
02-01-2016
Easy Publishing to Central Repository - 8 Part Video Series by Manfred Moser
This morning we published the final videos in the 8 part series, Easy Publishing to Central Repository. This series, created by Manfred Moser, takes all the guess work out of publishing your project to Central. Community Members have immediate acce...
01-26-2016
First Deployments to Central Repository and Project Object Model [Videos] by Manfred Moser
We now have 6 videos completed in the 8 part series, "Easy Publishing to the Central Repository". In the most recent of the set, Manfred Moser walks through First Deployments to Central and the Project Object Model (POM). Community members have acces...
01-21-2016
Ground Control To Nexus Users: Nexus Repository Manager 3 Milestone 7 Release by Jeffry Hesse
“This is Major Tom to Ground Control. I’m stepping through the door…” This release is in remembrance of David Bowie. The final milestone is here, and we are pleased to announce Nexus Repository Manager 3 Milestone 7 has “made the gra...
01-20-2016
Easy Publishing to Central Repository - 3 New Videos by Manfred Moser
https://www.youtube.com/watch?v=DE3FVty3NgE Requirement and Signing Tips using PGP. View the entire series in the Easy Publishing to Central Repository Video Gallery, available to all community members. This week, we continue our free video tr...
01-12-2016
DevOps Connect: Rugged DevOps Confirmed Track at RSAC 2016 by Mark Miller
I'm very excited to confirm TheNEXUS at Sonatype and DevOps.com and has confirmed the speaker roster for the 2nd Annual DevOps Connect: Rugged DevOps Edition at RSA Conference. This is a day long series of sessions focusing on the DevOps Softw...
12-23-2015
Easy Publishing to the Central Repository - New Video Series by Manfred Moser
In a new series of how-to videos, Easy Publishing to the Central Repository, we'll look at common scenarios that might slow you down when publishing to Central Repository. When approving projects, we find that up to 20% have to make a simple name...
12-17-2015
Call for Papers - DevOps Connect: Rugged DevOps at RSAC by Mark Miller
The second annual DevOps Connect: Rugged DevOps is confirmed for Monday, February 29 at the RSA Conference in San Francisco. We've got a 1000 seat room and we're looking for DevOps practitioners who are willing to tell some real stories from the ...
12-14-2015
Step-by-Step: Block and Quarantine Vulnerable Open Source Components and Artifacts with Nexus Firewall by Manfred Moser
We have added two more videos in the Tips from the Trenches Series free training series, explaining how to configure and use Nexus Firewall to block and quarantine open source components with known vulnerabilities. Tips from the Trenches is a 32 ...
12-03-2015
Using Jenkins with Nexus Repository Manager [4 Videos] by Manfred Moser
In our continuing series of videos, "Tips from the Trenches", we have four sessions on using Nexus with Jenkins. We also have a set on Hudson with Nexus, Atlassian Bamboo with Nexus and setting up Docker repositories with Nexus. All 30 videos in the ...
11-30-2015
The Next Level of npm Support with Nexus [VIDEOS] by Manfred Moser
I has been quite a while since I last wrote about support for npm in the Nexus Repository Manager. Back then I was very excited to announce that with version 2.9 we are offering npm support to everyone for free with the OSS edition. Since then it...
11-23-2015
The Latest Victim of Deserialization-Gate by Ilkka Turunen
Last week the world was hit with what can be awarded the Vulnerability Of The Day for Java - the commons-collections deserialization vulnerability. The latest victim of the continued series of vulnerabilities comes from the Spring project with a...
11-19-2015
New npm Tools for Your Nexus Repository Manager Tool Box by Joe Tom
If you missed the announcement, this month we released another Nexus Repository Manager milestone which included our rework of the npm format.  In addition to keeping existing functions, we included support for several new things, requested over...
11-18-2015
The Nexus Firewall – Perimeter Defense for Software Development by Mike Hansen
The quantitative research summarized below, covering over 7,000 repositories across nearly 100 countries, highlights some of the challenges with quality at modern development velocities. You can respond by leveraging automation in your repository...
11-13-2015
Did you wake up to an alert about the Java Deserialization vulnerability? by Brian Fox
This week I woke up to find several emails from Nexus Lifecycle indicating that the products in my portfolio were potentially vulnerable due to their inclusion of Apache commons-collection. If you have no idea what I’m talking about, stop now a...
11-11-2015
What’s up Doc(ker): Nexus Repository Manager v3 Milestone 6 Release by Jeffry Hesse
We, on the Nexus team, are pleased to announce the arrival of the Nexus Repository Manager v3 Milestone 6 release! What’s new Milestone 6 of the Nexus Repository Manager v3 includes:   improvements to our Docker repository format ...
11-05-2015
Who Let Security into DevOps? [Video] by Mark Miller
Here's an interesting video of Dan Lamorena talking with Daniel Miessler, Josh Corman and Paul Muller about the inclusion of security into DevOps. Lots of talk about Deming, software supply chains and how the boundaries between security, development...
11-04-2015
Nexus and SSL by Ilkka Turunen
For updates on articles and resources, follow @TSWAlliance on Twitter Today’s topic comes from an interesting conversation I had with a customer about SSL certificates that can be used to secure Nexus and serve it via HTTPS. Though HTTPS sho...

Top