Tag Archives: open source

Application Health Check App v.2.3.0-02
Application Health Check (AHC), our free vulnerability assessment tool, has been updated to v.2.3.0-02 and is available from the AHC download page. AHC produces a Software Bill of Materials for the open source components within your applications. The latest versions available are: Windows:

2016 State of the Software Supply Chain Report Released

The 2nd annual State of the Software Supply Chain Report has been released, covering open source download patterns across more than 3,000 organizations. The report is a Sonatype research project analyzing more than 31 billion downloads from the Central Repository and other open source repositories. Listen to the OWASP 24/7 Podcast below to

Step-by-Step: Block and Quarantine Vulnerable Open Source Components and Artifacts with Nexus Firewall

We have added two more videos to the free Tips from the Trenches training series, explaining how to configure and use Nexus Firewall to block and quarantine open source components with known vulnerabilities. Tips from the Trenches is a 32-part, quick-hit video series that is available to all members of TheNEXUS Community

Author, Ilkka Turunen

How to Detect and Enforce Open Source Licenses

I received this question from a client today: "Right now we are using Nexus OSS. We are considering upgrading to Nexus Pro for two reasons: we need to control licences of our dependencies (with Maven it's too easy to add dependencies), and we need to track updates of our dependencies. Nexus Repository Health Check seems
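The detection half of that question can be started without any product at all, because Maven POMs carry a `<licenses>` block. The following is an added example (not Sonatype's code and not what the article goes on to recommend): it reads the license names each dependency's POM declares and grades them against a hypothetical allow-list. The POM texts and the allow-list markers are constructed for the example; in a real build you would feed it the POMs from the local repository or a mirror of Central.

```python
"""Detect declared licenses in Maven POMs and enforce an allow-list.

Added example, not Sonatype's code. Maven POMs may declare
<licenses><license><name>...</name></license></licenses>; this reads
those names and classifies each artifact. Sample POMs and the policy
markers below are constructed for the example.
"""
import xml.etree.ElementTree as ET

# Constructed sample POMs (not real artifacts' metadata), keyed by coordinate.
SAMPLE_POMS = {
    "org.example:permissive:1.0": """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <licenses><license><name>The Apache Software License, Version 2.0</name></license></licenses>
</project>""",
    "org.example:copyleft:2.1": """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <licenses><license><name>GNU General Public License, version 3</name></license></licenses>
</project>""",
    "org.example:unlabelled:0.9": """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <artifactId>unlabelled</artifactId>
</project>""",
}

# Hypothetical policy: a license name is acceptable if it contains one of these.
ALLOWED_LICENSE_MARKERS = ("apache", "mit license", "bsd")


def _local(tag):
    """Strip an XML namespace from an element tag ('{ns}name' -> 'name')."""
    return tag.rsplit("}", 1)[-1]


def declared_licenses(pom_xml):
    """Return the license names a POM declares; empty if it declares none.

    Matching is namespace-agnostic so POMs with and without the Maven
    xmlns are handled the same way.
    """
    root = ET.fromstring(pom_xml)
    names = []
    for licenses in (el for el in root if _local(el.tag) == "licenses"):
        for lic in licenses:
            for child in lic:
                if _local(child.tag) == "name" and child.text and child.text.strip():
                    names.append(child.text.strip())
    return names


def license_allowed(name):
    """True if the license name matches the allow-list markers."""
    lowered = name.lower()
    return any(marker in lowered for marker in ALLOWED_LICENSE_MARKERS)


def evaluate(poms):
    """Classify each coordinate as 'allowed', 'denied' or 'unknown'.

    'unknown' (no license declared, e.g. inherited from a parent POM that
    was not resolved) is reported separately so missing metadata cannot
    pass silently as 'allowed'.
    """
    verdicts = {}
    for coord, pom in poms.items():
        names = declared_licenses(pom)
        if not names:
            verdicts[coord] = "unknown"
        elif all(license_allowed(n) for n in names):
            verdicts[coord] = "allowed"
        else:
            verdicts[coord] = "denied"
    return verdicts


if __name__ == "__main__":
    for coord, verdict in evaluate(SAMPLE_POMS).items():
        print(f"{verdict:8} {coord}")
```

Two caveats a real enforcement step has to cover: Maven license names are free text, so substring matching is only a starting point and should be replaced by normalization to SPDX identifiers, and a POM that declares no `<licenses>` often inherits them from its parent, which is why the example reports that case as `unknown` rather than guessing.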

Author, Derek Weeks

Better and Fewer Suppliers (2015 Software Supply Chain Report)

That Supplier is Better For You

Since releasing the 2015 State of the Software Supply Chain Report, there has been a lot of great discussion across the industry on best practices for managing the complexity introduced by the volume and velocity of the components used across your software supply chain. Today I want to focus

Author, Derek Weeks

Real World Experiences: Blackboard

As part of a new series we’re calling ‘Real World Experiences’ we’ll be highlighting how Sonatype customers are benefiting from greater development efficiency, higher productivity levels, faster time to market and better quality software, all while being more secure. We kick off the series covering Blackboard, the world’s leading education technology company. Blackboard challenges conventional thinking and
Nexus 2.11.1 – It is Time to Upgrade

The release of Nexus 2.11.1 includes a fix for the security vulnerability CVE-2014-9389. You can read all the details about the issue on our related support page. Whenever a new Nexus release becomes available there are many reasons to upgrade. The team always seems to manage to bring in some really useful new features
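Before upgrading a fleet it helps to know which instances are still below the fixed release. The following is an added example, not Sonatype's code: it parses the version string a Nexus 2.x server reports and compares it with 2.11.1. It assumes Nexus 2's version format `major.minor.patch-build` (for instance `2.11.1-01`) and that the server's status REST resource (`/service/local/status`) returns XML with a `data/version` element; the status responses below are constructed for the example, not captured from a real server.

```python
"""Flag Nexus 2.x instances still below the CVE-2014-9389 fix release (2.11.1).

Added example, not Sonatype's code. Assumes Nexus 2 reports its version as
"major.minor.patch-build" and that /service/local/status returns XML with a
data/version element. The status responses below are constructed samples.
"""
import re
import xml.etree.ElementTree as ET

FIXED_VERSION = "2.11.1"  # first release carrying the CVE-2014-9389 fix

# Constructed status responses in the assumed shape of the status resource.
SAMPLE_STATUS = {
    "old": "<status><data><version>2.10.0-02</version></data></status>",
    "fixed": "<status><data><version>2.11.1-01</version></data></status>",
    "newer": "<status><data><version>2.11.3-01</version></data></status>",
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(\d+))?")


def parse_version(text):
    """Turn '2.11.1-01' into (2, 11, 1, 1); a missing build number becomes 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Nexus version: {text!r}")
    return tuple(int(g) for g in m.groups(default="0"))


def version_from_status(xml_text):
    """Extract the version string from a status resource response."""
    root = ET.fromstring(xml_text)
    el = root.find("data/version")
    if el is None or not el.text:
        raise ValueError("status response carries no version")
    return el.text.strip()


def needs_upgrade(version_text, fixed=FIXED_VERSION):
    """True when major.minor.patch is below the fixed release.

    The build suffix is ignored for the comparison: any 2.11.1-xx build
    carries the fix, so only the first three components matter.
    """
    return parse_version(version_text)[:3] < parse_version(fixed)[:3]


def triage(status_by_host):
    """Map each host to True (must upgrade) or False (already fixed)."""
    return {host: needs_upgrade(version_from_status(xml)) for host, xml in status_by_host.items()}


if __name__ == "__main__":
    for host, upgrade in triage(SAMPLE_STATUS).items():
        print(f"{host}: {'UPGRADE' if upgrade else 'ok'}")
```

To run it against real servers, fetch `http://<host>:8081/nexus/service/local/status` with credentials that can read the status resource and pass the response body to `version_from_status`; the comparison deliberately ignores the `-xx` build suffix, since every build of 2.11.1 and later carries the fix.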

Author, Mike Hansen

An Open Source License to Speed

There is no actual speed limit in software development, at least not a theoretical one.  In fact, we are forever pushing the envelope with new thinking and techniques with progressive teams typically driving right at the edge between control and chaos, frequently flirting with the latter.  Agile methods, lean thinking, open source and most recently

Author, Mark Miller

TheNEXUS Week in Review: December 1 – 5, 2014

TheNEXUS Week in Review Issue #9 – December 8, 2014. We had a busy week last week at TheNEXUS, publishing "A Migration Roadmap from Artifactory to Nexus" and the "Nexus Professional and Smart Proxy" video series. Those, plus six more articles, should get you set for the week. Real World Project: A Migration Roadmap from Artifactory to Nexus by Mike Filosa. As part of our ongoing

Marcel de Vries

Best Practices for Using Open Source Software in the Enterprise [VIDEO]

During TechED Europe 2014 in October, Marcel de Vries presented a compelling story around best practices for using Open Source. This is a video of his entire presentation from October 31, 2014. He starts with the history of open source, how the licensing works and then moves into a practical discussion of how to use