Tag Archives: components

Application Health Check App v.2.3.0-02

The Application Health Check application, our free vulnerability assessment tool that provides a Software Bill of Materials, has been updated to v.2.3.0-02. You can find it on the AHC download page. AHC will provide you with a Software Bill of Materials for the open source components within your applications. The latest versions available are: Windows:

Setting up a Secure, Private Nexus Repository

What an exciting first post, I’m sure. But it’s what I’m working on, I suppose. A few things, first: We’re using an LDAP server to identify team members. LDAP and Nexus are on different domains (though, possibly, the same machine). I’m not a system admin, so this is likely going to be painful. The Plan

Nexus Firewall – Quality at Velocity

Repository managers like Nexus and Artifactory have been serving software components for development teams and their tooling for years now. This November, we are introducing an innovative way to improve speed and reduce risk through the quarantine of components with known vulnerabilities. With the integration of Nexus Firewall, you can shield your application development from

2016 State of the Software Supply Chain Report Released

The 2nd Annual State of the Software Supply Chain Report has been released, containing information on open source download patterns from over 3000 organizations. The report is a Sonatype research project, analyzing data from over 31 billion downloads from the Central Repository and other open source repositories. Listen to the OWASP 24/7 Podcast below to

npm gate – Lessons Learned Again

The recent events in the world of JavaScript developers and npm definitely caused a storm on twitter and the internet in general. If you want to find out more around the kik package, the trademark threats, the unpublishing of the left-pad package and the resulting breakage of packages and builds everywhere, check out this recap.

Step-by-Step: Block and Quarantine Vulnerable Open Source Components and Artifacts with Nexus Firewall

We have added two more videos to the Tips from the Trenches free training series, explaining how to configure and use Nexus Firewall to block and quarantine open source components with known vulnerabilities. Tips from the Trenches is a 32 part, quick hit video series that is available to all members of TheNEXUS Community

3 Things Developers Can Learn from the Scandal at VW

Over the past few weeks, I have been following the scandal involving Volkswagen. Most of us have learned that VW installed so called “cheating software” in their diesel cars, which, in conjunction with the anti-lock brakes and traction control system, enabled a cheat mode when their diesel cars were tested for emissions. Current estimates place

2015 State of the Software Supply Chain Report: Released

This morning, the 2015 State of the Software Supply Chain Report was released. This is a fascinating study done by Derek Weeks, analyzing component usage of 106,000 organizations. Some of the research is common knowledge, such as 17B downloads of components per year from the Central Repository, or that Nexus is the 800 pound

How a Software Bill of Materials Uncovers Known Vulnerabilities

In two minutes, we can show you a full software bill of materials for your application. We can also identify any known vulnerabilities in the open source and third-party components within your Java application. Oh, and by the way, it’s free. That’s right, at Sonatype, we could not be more in favor of the code

Real World Experiences: Blackboard

As part of a new series we’re calling ‘Real World Experiences’ we’ll be highlighting how Sonatype customers are benefiting from greater development efficiency, higher productivity levels, faster time to market and better quality software, all while being more secure. We kick off the series covering Blackboard, the world’s leading education technology company. Blackboard challenges conventional thinking and