Sonatype provides many ways that you can add component intelligence to your development workflow that help you identify and select component information, recommended versions, and even migrate and remediate fixes, all in the environment you are already using. Below we have several use case scenarios for different plug-ins and when they will be helpful to …
Getting Started In this section, we’ll discuss the differences and review which IDEs are supported by Sonatype and what is available even if you don’t have an IQ Server license. Objectives By the end this lesson, you will be able to: List the IDEs that require an IQ Server license Identify which IDE works best for …
Objectives By the end of this lesson, you will be able to: Objective Statement One Objective Statement Two Objective Statement Three <Heading Title> Content for heading ^^^ <Heading Title> Content for heading ^^^ Add and remove as needed Review this video to…
According to the 2019 DevSecOps Community Survey, nearly 40% of software development organizations with 100 developers or less believe their current infosec teams/processes are slowing them down; nearly 53% of software development organizations with more than 5000 developers believe their current infosec teams/processes are slowing them down. When integral security processes are at odds with …
How Are Your Open Source Software Components Being Managed (Or Not)? Read More »
In the previous section, you learned how to set up a proxy repository to Maven Central and use that to cache components from the public repo. This is hugely beneficial and saves time, but what do you do with internal components that aren’t downloaded from a public repository, but are used by various development teams …
Objectives By the end of this lesson, you will be able to: Describe what components are in Nexus Repository Manager. Explain how Nexus Repository manages components. Describe what formats are and which are supported in Nexus Repository Manager. Determine how Nexus Repository Manager will work with components and formats in your environment. What are Components In Nexus …
Identify Open Source Risk In viewing the Application Composition Report for your applications, you’ll identify any known vulnerabilities in the open source and third-party components within your applications. IQ server helps you build trusted applications and helps to keep them that way over time. Now that you’ve scanned and viewed your report, what are you going to …
Task 3: Viewing the Application Composition Report Read More »
Objectives By the end of this lesson, you will be able to: Explain the concept of a software supply chain, its risks, and how it applies to modern software development. List three ways legacy security processes can produce unintended outcomes for software developers. Present three compelling reasons that adopting a DevSecOps process makes good business …
Prioritizing OSS Component Management in Your DevSecOps Strategy Read More »
Objectives By the end of this lesson, you will be able to: Define the use of Maven and the Central repository. Install and configure Maven. Describe the need for proxy repositories. Identify the steps to create and populate a caching proxy repository in the Maven format. Explain how hosted repositories are used. Create maven-snapshots and maven-releases hosted repositories. About Maven Apache Maven …
Objectives By the end of this lesson, you will be able to: Define software distribution and how it relates to your organization. Describe how open source licenses may affect patent rights in software. Define the “notice requirement” and ways you can comply. Identify whether you have “derivative work”. Decide whether incorporating GPL code into your …
