Developers – The Strongest Link Developers have become the strongest link in the software supply chain because developers are at the center of everything. Developers have all the demands. Everybody else understands and knows …
New Approaches and Architecting Systems Lesson 4 Overview The approach towards architecting systems has changed quite a bit in the last several years. Do you remember when we only wanted to do validation at the …
Holistic vs Micro View Lesson 3 Overview Since the beginning, Sonatype has been working towards being able to offer perspectives from different teams into a holistic view across your organization. IQ Server also provides …
Summary – Lesson 5 We work where you work. Every day, we too are fixing issues, trying to make our workflow faster, more efficient and secure. And Lifecycle integrates early and everywhere with your favorite …
Quality Control in Source Control Keep your packages up to date with continuous monitoring and automatically create pull requests for any new policy violations. Nexus Lifecycle identifies the available upgrade versions and path to remediation.…
Using Nexus IQ Chrome Extension The Nexus IQ Chrome Extension lets you inspect a package before you download it. The plugin requires a valid Sonatype Nexus Lifecycle license. Once the plugin is installed on your …
Managing Transitive Dependencies When you are trying to figure out why/where a particular vulnerable transitive dependency is showing up in your report you’ll need to determine the “parent” component that includes the transitive …
Updating Your Dependencies Dependencies can grow to the point where they get out of hand. You may be following all the right security best practices, but due to a single vulnerable dependency, your …
Microservices and Containers Similarly, microservices and containers are a really big thing. We work with container vendors to be able to understand the different layers, the different dynamics in there and pulling out …
The Application View Also worth mentioning are the different types of views that are available if you need to dig a little deeper after you’ve applied your filters. Violations view, Components view, Applications …
Project Owner Perspective As a Product Owner/Product Manager, I probably care about all of these items. But I may be particularly interested in the highest risk or the whole aggregate amount of risk. …
Security Perspective From a security perspective, we can get what is most important to you – policy violations that are due to security issues. This time use the Policy Type –> …
Early Visibility Remember that release where you had to get a patch out, and you discover that there’s an issue? And how this totally interrupted your workflow trying to get that patch …
Acknowledging Your Existing Risk Imagine you’ve got a project, a legacy system that is of moderate complexity, or maybe you’re new to this sort of application scanning. You turn it on for the …
How You Can Be The Strongest Link Lesson 2 Overview So, we’ve got some good news! The market is shifting and development teams are gaining budget authority to purchase tools that fit their needs better. This means …
Adding Functionality, Upgrading Components & Mitigation, MTTR The journey with Deanna continues. In this video she talks about the benefits of using a new library to add new functionality. Also she gives great examples on how to …
Course Summary Congratulations! You have completed this course. You are now able to: Address and mitigate risk so that you can ship quickly; Discuss the concept of defining intent through policy; Identify what …
Summary – Lesson 4 The approach towards architecting systems has changed over the last several years and Lifecycle keeps evolving to support the new approaches and new techniques. You have completed Lesson 4. You are …
Running Scans Take a look at the Running Scans section of our Lifecycle Scanning technical guide and you will see for each language / ecosystem: The available package managers, Scan Target(s), How …