Tag Archives: artifacts

Application Health Check App v.2.3.0-02

The Application Health Check application, our free vulnerability assessment tool that provides a Software Bill of Materials, has been updated to v.2.3.0-02. You can find it on the AHC download page. AHC will provide you with a Software Bill of Materials for the open source components within your applications. The latest versions available are: Windows:

Improving Build Time of Java Builds on OpenShift

Since we released OpenShift 3 back in July 2015, one of the most common questions I get from developers is how to get better build time for Java-based builds. In this post, I will guide you through the process of speeding up Java Maven-based builds,

DevOps Tutorial (Part 3): Artifact Management

This DevOps Tutorial is Part 3 of my series on Java Project Versioning. Check out the other articles: DevOps Tutorial (Part 1): Introduction to Project Versioning with Maven; DevOps Tutorial (Part 2): Use Maven Release Plugin to Manage Versions; DevOps Tutorial (Part 4): Continuous Integration; DevOps Tutorial (Part 5): Parallel Deployment. Now that your build pipeline consistently versions your

2016 State of the Software Supply Chain Report Released

The 2nd Annual State of the Software Supply Chain Report has been released, containing information on open source download patterns from over 3000 organizations. The report is a Sonatype research project, analyzing data from over 31 billion downloads from the Central Repository and other open source repositories. Listen to the OWASP 24/7 Podcast below to

Step-by-Step: Block and Quarantine Vulnerable Open Source Components and Artifacts with Nexus Firewall

We have added two more videos to the free Tips from the Trenches training series, explaining how to configure and use Nexus Firewall to block and quarantine open source components with known vulnerabilities. Tips from the Trenches is a 32-part, quick-hit video series that is available to all members of TheNEXUS Community

The Latest Victim of Deserialization-Gate

Last week the world was hit with what can be awarded the Vulnerability Of The Day for Java – the commons-collections deserialization vulnerability. The latest victim of the continued series of vulnerabilities comes from the Spring project, with an implicating class that allows the same unsafe deserialization vector in spring-core. What makes this issue particularly

Author, Ilkka Turunen

Using the REST API in Nexus 2.x

I’ve recently received a few questions asking how the deployment of Nexus can be automated as much as is possible by using configuration management tools such as Chef, Puppet, Saltstack, Docker, etc. This is common in a scenario where you may want to set up multiple Nexuses with defined repository structures and pre-installed license keys.

Author, Maarten Smeets

Sonatype Nexus: Delete artifacts based on a selection

Sonatype Nexus provides several mechanisms to remove artifacts from the repository. You can schedule a job to keep only a specified number of the latest releases (see here). You can also specifically remove a single artifact or an entire group using the API (see here). Suppose you want to make a selection though. I only want

Author, Mark Miller

Artifact Listener: New Update Pushed

Guillaume Smet has created an innovative solution for notification of new releases on the Central Repository. It’s called Artifact Listener. When I spoke with him about it last week, he said he had just pushed a new release and would like people to come and try it out. Here’s his description of the project. Artifact

Author, Maarten Smeets

Using Maven to assemble and release artifacts to Nexus

An important part of a release process is storing artifacts in an artifact repository. Many customers use custom implementations of artifact repositories (such as file shares in combination with custom scripts) but there are also products which offer many functions of such a repository (and probably many more) out of the box so that custom