Community Updates: Nancy Has a New Ship, and Found oysteRs
The community team at Sonatype has been working hard on upgrading docker-nancy from a Post Panamax cargo ship to a new and improved Triple E vessel. (See the diagram below). As a result, the docker-nancy project on GitHub that we announced earlier is being archived. Now, docker-nancy has moved to ...
Four Common Security Acronyms Explained
Editor’s Note: This is the first in a series of posts about the 2020 DevSecOps Reference Architecture developed by DJ Schleen. In this series DJ explains various parts of the pipeline architecture. I just released an updated version of the DevSecOps Reference Architecture created last year that has been updated ...
The DevSecOps Landscape is Maturing – We Want to Hear About Your Journey
Time is running out to take part in Sonatype’s annual DevSecOps Community Survey. Share your stories with others in the space. The race to out-innovate one’s competition has led to high-performing organizations chasing increased deployment velocities but often ignoring the quality of parts being used to manufacture their applications. It ...
Get the Latest DevSecOps Reference Architecture
Since releasing the DevSecOps Reference Architecture last year I've received a ton of feedback from the community. I took the feedback and spent some time over the past several months to update the architecture to roll in some of the suggestions. I'm happy to say that I finished a new ...
Are You a Fool with a Tool?
I learned about Buckminster Fuller when I was frantically drawing my way through an architecture degree in college. Fuller was quite an inspirational architect and the inventor of the Geodesic dome. He had this saying that stuck in my head: "A fool with a tool still remains a fool." When ...
Nancy, on a Boat! (Announcing Nancy for Docker)
Nancy is now wrapped up as a Docker image for execution in a pipeline or via an alias in a terminal ...
Security Should Stop Being a Drag
About a year ago during my talk at the Nexus User Conference, and during a Virtual Session for RSA Conference APJ, I mentioned that a pipeline shouldn’t fail just because a security vulnerability was detected by scanning tools. That statement was met with a few record scratches in the audience ...
Success Requires Reflection on DevSecOps Failures
It was just over a year ago on an extremely hot and humid day in Singapore when a group of DevSecOps nomads gathered to share our stories at DevSecOps Days. We represented Australia, Jakarta, Singapore, and the United States. The more we listened to each other speak, the more we ...
A Sort of a Homecoming – Why I Joined Sonatype
Switching employers is usually a difficult transition filled with complex emotions, fear, and anxiety. I haven't had any of these feelings as I start my journey at Sonatype. The timing is right, the culture is right, the tools are right, and I have a ton of technique to bring to ...
Security Organizations Need to Start Thinking Like Developers
Many years ago when I was studying architecture a professor once told the class that, as architects, if we designed a space that a contractor couldn’t fit a hammer into, our best designs would never be built. We needed to understand how our designs would ultimately be constructed in the ...