The journey with Deanna continues. In this video she talks about the benefits of using a new library to add new functionality. Also she gives great examples on how to use additional Dev tools like our CLI, the Chrome extension and the IDE’s Sonatype supports. The lesson would not be complete without a quick review …
Adding Functionality, Upgrading Components & Mitigation, MTTR Read More »
Take a look at the Running Scans section of our Lifecycle Scanning technical guide and you will see for each language / ecosystem: The available package managers Scan Target(s) How to Scan links Available Data Tips including best practices that we have compiled while working with customers Note: You’ll also notice that some package managers …
For something completely different, we offer you a macro level view where you can quickly identify which of your dependencies are direct and which are transitive (the dependencies of those dependencies). And with our reliance on third-party dependencies comes the realization that things can get messy quickly, especially when a direct dependency pulls in another …
Lesson 1 Overview What’s that saying about development software, Software’s Eating The World? It’s true. As developers, we’re in the middle of everything now. We’re responsible for: Working with product owners Defining and refining what a feature will do Deciding how it will work Proving the value it will provide to our users and our …
Filtering the Component List If you have multiple projects loaded into your IDE and need to view a specific subset of results — the plugin has a Filter option that allows you to set the scope for the results displayed within the panel. This could be useful when you need to review vulnerabilities pertaining to …
You have completed Lesson 2. You are now able to: Using the Component Info tab to view vulnerabilities Viewing policy details Analyzing license types and risks Analyzing security risks Taking the necessary steps to start remediating
Assigning Your IDE Project and Triggering an Evaluation Once the IDE plugin has been successfully installed and configured the next step will be to associate your local IDE project with an IQ application so it can be evaluated against the defined policies. Here is an example of an Eclipse IDE with a WebGoat Java project …
Getting Started Sonatype’s IDE Integrations provides you with direct access to Sonatype’s comprehensive component intelligence right within your IDE. It measures your components against your organization’s open source governance policy. This helps you to pick components that align with policy. Objectives By the end of this lesson, you will be able to use the plugin …
Sonatype provides many ways that you can add component intelligence to your development workflow that help you identify and select component information, recommended versions, and even migrate and remediate fixes, all in the environment you are already using. Below we have several use case scenarios for different plug-ins and when they will be helpful to …
Providing Nexus Intelligence at Your Fingertips Nexus Intelligence powers the Nexus Platform with precise data to automate open source governance at scale across every phase of the SDLC. Modern software practices require a modern approach. The Nexus Platform provides fast, precise, contextual, actionable, and continuous information about the component you use, allowing you to focus …
