Multiple agencies across the U.S. government are paying closer attention to
the software they are buying. More specifically, they want to know what
open source and third-party components were used to build the software
applications. The report notes:
U.S. Food and Drug Administration (FDA) wants to know what open source
components are being used in medical devices. U.S. Department of Defense
(DOD) is introducing new procurement language for software purchases to
ensure it is free of vulnerabilities, either intentionally or unintentionally
designed or inserted as part of the software. U.S. Federal Trade Commission
(FTC) is filing complaints against businesses offering software with known
Similar moves by the National Institute of Standards and Technology (NIST),
Underwriters Laboratories (UL), and the U.S. General Services
Administration's (GSA) 1... (more)
What do dependency resolution, situational awareness, and superheroes have in
common? Meet Chris Corriere, a DevOps/Software Engineer at Autotrader,
speaking on creative ways to maximize usage of all of the above. Mark Miller,
Community Advocate and senior storyteller at Sonatype caught up with Chris to
learn more about what his team is up to.
Chris: I'm Chris Corriere, and I'm a DevOps engineer at AutoTrader.
Mark: Can you give us an overview on how you're using Nexus?
Chris: We use Nexus for dependency resolution. Part of that is to insulate
our enterprise infrastructure from ... (more)
Intersections: DevOps, Release Engineering, and Security
Derek: Good morning, Paul. There's a lot those pursuing DevOps can learn from
Release Engineering practices. I know you've got a lot of experience to
share, so let's get started.
J. Paul Reed: Good morning, it's good to be here. My background is release
engineering, although these days I am actually called a DevOps consultant. I
have about 15 years' experience doing that. That's what my presentation is
about: sort of the intersection between DevOps, Rugged DevOps, and release
engineering and wanting to explore that with the... (more)
Analysis of 25,000 applications reveals 6.8% of packages/components used
included known defects. Organizations standardizing on components between 2 -
3 years of age can decrease defect rates substantially.
Open source and third-party packages/components live at the heart of high
velocity software development organizations. Today, an average of 106
packages / components comprise 80 - 90% of a modern application, yet few
organizations have visibility into what components are used where.
Use of known defective components leads to quality and security issues within
applications. Wh... (more)
As a long-time Java developer, I've always depended on the Maven build
process to automatically publish my artifacts to a Nexus Repository Manager.
This automated process was made possible thanks to some very useful plugins
- specifically, the Maven plugin for Nexus staging and the Maven Deploy
plugin. Both made publishing artifacts to a Nexus Repository Manager
remarkably simple as the final step of a Maven build.
Introducing the Nexus Jenkins Plugin
However, in today's continuous-everything world, build processes are
increasingly complicated and resemble a highly dynamic su... (more)