What I Learned Talking to 45 CISOs About DevSecOps

Recently, I moderated round table discussions between dozens of CISOs at Evanta CISO Summits in Chicago and Atlanta, and my colleague, Michelle Dufty, moderated a similar event in San Francisco.

How to Use Sonatype OSS Index to Identify Security Vulnerabilities

It’s nearly impossible to build a modern application without relying on third-party libraries. Open source software has been an amazing boon to software development. It’s been instrumental in allowing developers to build increasingly m…

Why You Need a Software Bill of Materials More Than Ever

Imagine that a new vulnerability in lodash was just announced. Applications using the npm package are being exploited through large scale automated DoS attacks. You need to act quickly to understand if your organization’s systems are at risk…

Nexus Lifecycle Now Integrates with Red Hat Clair to Secure Containers Across the SDLC

Developers are continuing to leverage containers to reliably move software applications between environments, making them an integral part of every DevOps pipeline. In fact, according to Sonatype’s 2019 State of the Software Supply Chain Rep…

Make Sure to Cover Your Auth

Today dev, ops, and security — all three silos — are working in synergy in top-performing DevOps organizations, what we know as DevSecOps.
Aditya Balapure (@adityabalapure) is an infosec specialist at Haven. He was at GrubHub when he spoke at t…

How The Unicorn Project Aligns with The Phoenix Project

Editor’s Note: You can meet Gene at the 2020 DevOps Enterprise Summit (DOES) October 28-30 in Las Vegas. Visit the Sonatype booth to receive a free copy of The Unicorn Project. DOES explores everything related to open source security, at scale. So…

DevSecOps for a Dollar or Less

Anyone who grew up with siblings knows the phrase, “There is a wall here!!!!!” Of course, there wasn’t a physical wall, but an imaginary border that separated you and protected your space.
In software development, walls aren’t helpful…

Sonatype Hosts Global Gatherings of DevSecOps Leaders and Innovators

The month of October is dedicated to intimate gatherings of DevSecOps professionals, thought leaders, and decision makers in cities across North America and Europe.
Participants tell us that these forums and roundtables foster dynamic, collaborati…

It Pays to Discover Sonatype

The name of the presentation says it all: Procure Secure Components Faster with Superior Developer Experience. So announced Karthik Loganathan and Sheshagiri (Giri) Rao of Discover at the annual DevOps World | Jenkins World conference.