Lesson Category: 200

Developer Tools

Lesson 5 Overview: Nexus Lifecycle integrates early and everywhere with your favorite pipeline and development tools so you never have to worry about compatibility. We Work Where You Work — Fix issues before failing a build, and move to an approved version with just one click. Nexus IQ integrates with Eclipse, IntelliJ IDEA, Microsoft Visual …

Developers – The Strongest Link

Developers have become the strongest link in the software supply chain because developers are at the center of everything. Developers have all the demands. Everybody else understands and knows the rules. At the end of the day, developers are the ones that get caught up if we shipped something that wasn’t supposed to be shipped …

Holistic vs Micro View

Lesson 3 Overview: Since the beginning, Sonatype has been working towards being able to offer perspectives from different teams into a holistic view across your organization. IQ Server also provides a micro view at the application level, with the ultimate goal of being able to visually show all of this in the dashboard. By the …

Summary – Lesson 5

We work where you work. Every day, we too are fixing issues, trying to make our workflow faster, more efficient and secure. And Lifecycle integrates early and everywhere with your favorite pipeline and development tools so you never have to worry about compatibility. You should now be able to: Explain the importance of keeping your dependencies …

Quality Control in Source Control

Keep your packages up to date with continuous monitoring and automatically create pull requests for any new policy violations. Nexus Lifecycle identifies the available upgrade versions and path to remediation. Nexus Lifecycle lets you view evaluation results directly in GitHub, Bitbucket, or GitLab to reduce noise and speed up development while automating manual tasks. For …

Using Nexus IQ Chrome Extension

The Nexus IQ Chrome Extension lets you inspect a package before you download it. The plugin requires a valid Sonatype Nexus Lifecycle license. Once the plugin is installed on your Chrome browser, you can scan packages from several repositories like Maven, npm, NuGet, and PyPI, just to name a few. With the Chrome Extension, you’ll …

Managing Transitive Dependencies

When you are trying to figure out why or where a particular vulnerable transitive dependency is showing up in your report, you’ll need to determine the “parent” component that includes the transitive dependency to determine how to proceed. Upgrading to a different version of the parent component may resolve the violation because a different version of the …

Updating Your Dependencies

Dependencies can grow to the point where they get out of hand. You may be following all the right security best practices, but due to a single vulnerable dependency, your application can still be susceptible to exploitation. Keeping dependencies up-to-date can present a huge problem if left unmanaged. 2020 State of the Software Supply Chain …

Microservices and Containers

Similarly, microservices and containers are a really big thing. We work with container vendors to be able to understand the different layers, the different dynamics in there and pulling out the application bits from the container bits. This actually is a really big trend, because often the people owning the container aren’t developers, but again, …
