Author Archives: Brian Fox


Java AutoModules Considered Bad for Your Health


Preface: We have sent the following information to the Jigsaw working group to help advise on some potentially significant impacts on the Java ecosystem that not many people are aware of. We are making this more public to gather more feedback from Java developers in the broader ecosystem. The final review period for the overall

Java Deserialization

Did you wake up to an alert about the Java Deserialization vulnerability?

This week I woke up to find several emails from Nexus Lifecycle indicating that the products in my portfolio were potentially vulnerable due to their inclusion of Apache commons-collection. If you have no idea what I’m talking about, stop now and go read this factual and un-sensationalized account of the situation. I’ll wait. Ok, now

Author, Brian Fox

Nexus Lifecycle 1.15 Release

The Sonatype CLM 1.15 (Nexus Lifecycle) release focuses predominantly on improving security administration functionality. As part of this, you will likely notice some changes with regard to the associated interface in these areas. Here’s a breakdown of the improvements in this release. Details follow this summary: Built-in roles and permissions visibility Custom roles creation Java

SonarQube + Nexus Lifecycle.

Integrating SonarQube with Nexus Lifecycle

Many development organizations we work with have turned to SonarQube as a dashboard to visualize and measure their code quality. Customers using Nexus Lifecycle (formerly CLM) want to surface known security vulnerabilities and license risk in the same place developers or executives already go to assess the overall quality of their application. To support this growing


Product Update: CLM 1.14 Released

We’d like to announce the availability of the 1.14 Nautilus release. Highlights of this release are: Notification panel to stay up-to-date on CLM announcements Optionally force authentication by tools, with new roles to restrict access Send notifications to roles as well as specific email addresses System logging of user actions Vulnerability details provided within the


Version Control and Its Role in Continuous Delivery

How does versioning impact your Continuous Delivery pipeline? What should be versioned? What is the future direction for versioning? Brian Fox joined a panel group, sponsored by Electric Cloud, to discuss the impact of versioning in a Continuous “Everything” environment. Brian was joined by Jonathan Thorpe (Technical Marketing Manager at Perforce), Melvin Laguren (Staff Engineer at Macy’s),


Supply Chain Solutions for Modern Software Development [VIDEO]

The concepts of supply chain management, the industrial revolution and the transformation of software development with open source are all tied together in this talk by Brian Fox, VP of Product Management, during the January 2015 Long Island OWASP user group meetup. You can also view the slide deck on


Rubyists Rejoice – Nexus Supports RubyGem Repositories

We have done it again! Our Nexus development team has been busy this fall. With Nexus 2.9 in September, we introduced NuGet support for Nexus Open Source. In October Nexus 2.10 introduced npm support for all Nexus editions. And now with Nexus 2.11, we are adding Ruby Gem Repository support! We are happy to announce