Community Updates: Nancy Has a New Ship, and Found oysteRs

The community team at Sonatype has been working hard on upgrading docker-nancy from a Post-Panamax cargo ship to a new and improved Triple E vessel. (See the diagram below). As a result, the docker-nancy project on GitHub that we announced earlier is being archived. Now, docker-nancy has moved to ...

Four Common Security Acronyms Explained

Editor’s Note: This is the first in a series of posts about the 2020 DevSecOps Reference Architecture developed by DJ Schleen. In this series DJ explains various parts of the pipeline architecture. I just released an updated version of the DevSecOps Reference Architecture created last year that has been updated ...

The DevSecOps Landscape is Maturing – We Want to Hear About Your Journey

Time is running out to take part in Sonatype’s annual DevSecOps Community Survey. Share your stories with others in the space. The race to out-innovate one’s competition has led to high-performing organizations chasing increased deployment velocities but often ignoring the quality of parts being used to manufacture their applications. It ...
Security Boulevard

Get the Latest DevSecOps Reference Architecture

Since releasing the DevSecOps Reference Architecture last year I've received a ton of feedback from the community. I took the feedback and spent some time over the past several months to update the architecture to roll in some of the suggestions. I'm happy to say that I finished a new ...

Are You a Fool with a Tool?

I learned about Buckminster Fuller when I was frantically drawing my way through an architecture degree in college. Fuller was quite an inspirational architect and the inventor of the geodesic dome. He had this saying that stuck in my head: "A fool with a tool still remains a fool." When ...

Nancy, on a Boat! (Announcing Nancy for Docker)

Nancy is now wrapped up as a Docker image for execution in a pipeline or via an alias in a terminal ...

Security Should Stop Being a Drag

About a year ago during my talk at the Nexus User Conference, and during a Virtual Session for RSA Conference APJ, I mentioned that a pipeline shouldn’t fail just because a security vulnerability was detected by scanning tools. That statement was met with a few record scratches in the audience ...

Success Requires Reflection on DevSecOps Failures

It was just over a year ago on an extremely hot and humid day in Singapore when a group of DevSecOps nomads gathered to share our stories at DevSecOps Days. We represented Australia, Jakarta, Singapore, and the United States. The more we listened to each other speak, the more we ...

A Sort of a Homecoming – Why I Joined Sonatype

Switching employers is usually a difficult transition filled with complex emotions, fear, and anxiety. I haven't had any of these feelings as I start my journey at Sonatype. The timing is right, the culture is right, the tools are right, and I have a ton of technique to bring to ...

Security Organizations Need to Start Thinking Like Developers

Many years ago when I was studying architecture a professor once told the class that, as architects, if we designed a space that a contractor couldn’t fit a hammer into, our best designs would never be built. We needed to understand how our designs would ultimately be constructed in the ...
