Overview Now that we’ve established a view to the future, as provided by the Breaking Changes capability, let’s add another superpower to our arsenal: the ability to know, understand, and react to everything. Well, everything related to dependency management, anyway. Ongoing maintenance is a critical part of ensuring the absolute best for your builds in …
Fixing Direct and Transitive Dependencies Faster Read More »
Developers have become the strongest link in the software supply chain because developers are at the center of everything. Developers have all the demands Everybody else understands and knows the rules At the end of the day, developers are the ones that get caught up if we shipped something that wasn’t supposed to be shipped …
Remember that release where you had to get a patch out, and you discover that there’s an issue? And how this totally interrupted your workflow trying to get that patch out the door? This puts you in a position of being reactive. You’re going to look at it and ask yourself, can we get this …
Imagine you’ve got a project, a legacy system that is of moderate complexity, or maybe you’re new to this sort of application scanning. You turn it on for the first time, and you’re inundated with data that you were unaware of before. This leads us to two specific questions. What is a good approach to …
Sonatype provides many ways that you can add component intelligence to your development workflow that help you identify and select component information, recommended versions, and even migrate and remediate fixes, all in the environment you are already using. Below we have several use case scenarios for different plug-ins and when they will be helpful to …
Getting Started In this section, we’ll discuss the differences and review which IDEs are supported by Sonatype and what is available even if you don’t have an IQ Server license. Objectives By the end this lesson, you will be able to: List the IDEs that require an IQ Server license Identify which IDE works best for …
Objectives By the end of this lesson, you will be able to: Objective Statement One Objective Statement Two Objective Statement Three <Heading Title> Content for heading ^^^ <Heading Title> Content for heading ^^^ Add and remove as needed Review this video to…
According to the 2019 DevSecOps Community Survey, nearly 40% of software development organizations with 100 developers or less believe their current infosec teams/processes are slowing them down; nearly 53% of software development organizations with more than 5000 developers believe their current infosec teams/processes are slowing them down. When integral security processes are at odds with …
How Are Your Open Source Software Components Being Managed (Or Not)? Read More »
In the previous section, you learned how to set up a proxy repository to Maven Central and use that to cache components from the public repo. This is hugely beneficial and saves time, but what do you do with internal components that aren’t downloaded from a public repository, but are used by various development teams …
Objectives By the end of this lesson, you will be able to: Describe what components are in Nexus Repository Manager. Explain how Nexus Repository manages components. Describe what formats are and which are supported in Nexus Repository Manager. Determine how Nexus Repository Manager will work with components and formats in your environment. What are Components In Nexus …
