Developers today are faced with an ever-changing landscape. Their responsibilities continue to expand into areas like software QA, security, and governance. In an SD Times Live! webinar, Brian Fox, CTO of Sonatype and Steve Poole, developer advocate at Sonatype, discuss the ways in which security has become an essential part of a developers job. According … continue reading
AppSearch in Jetpack, the on-device search library to create high performance and feature-rich full-text search functionality, is now available in alpha. With AppSearch, developers have access to offline search capabilities, lower latency for indexing and querying over large data sets, relevant search results and multi-language support. Users add an item by typing in the name … continue reading
New versions of open-source components are being released every day at an overwhelming and alarming pace. According to the open-source governance company Sonatype, approximately 20,000 component updates are made per day, making it near impossible for teams to manually manage dependencies. In addition, open-source projects that are impacted by attacks are difficult to detect because … continue reading
While open-source software is an integral part of software development today, security continues to be an issue. A recently released report revealed a 71 percent increase in open-source security related breaches over the last five years. In addition, 25 percent of organizations reported a confirmed or suspected open-source software related breach. RELATED CONTENT: Open source … continue reading
Sonatype wants to make it easier for developers to have open-source governance with the release of Sonatype DepShield. The solution is a GitHub application that integrates directly within repositories, enabling developers to identify vulnerable open-source components. According to the company, DepShield constantly monitors projects and automatically creates issues when security vulnerabilities are detected. It offers … continue reading
“Why is open source important? That’s like asking why is gravity important,” stated Brian Behlendorf, a leading figure in the open-source software movement, and executive director for the blockchain consortium Hyperledger. While this year marks the 20th anniversary of open source, it is hard to imagine a time before open-source software. Today, it’s difficult to … continue reading
At this point, the concept of DevOps should be familiar to everyone. But with the rise of cybersecurity attacks, organizations have seen the need to incorporate security into the mix. Thus, the idea of DevSecOps. Though the concept and practices were created with the best intentions, the number of cybersecurity attacks continues to rise, which … continue reading
Software is the lifeblood of most businesses today. So, what happens if that software is unreliable or insecure? It seems like a no-brainer that the software being pushed out should be protected. But, as software is being developed and deployed at a rapid pace, an important aspect of the life cycle gets lost in the … continue reading
Sonatype released its third annual State of the Software Supply Chain report, which highlights risks within open source software components. The report also highlights the benefits of managing software supply chain hygiene. “Companies are no longer building software applications from scratch, they are manufacturing them as fast as they can using an infinite supply of … continue reading
The Eclipse Foundation has announced Eclipse Oxygen is now available. The Oxygen release includes 83 projects, 287 committers, and about 71 million lines of code. “We’re proud to announce the arrival of Eclipse Oxygen, the 12th annual simultaneous release from the Eclipse Community,” the foundation wrote. Most notably missing from this release is support for … continue reading
Sonatype, the leader in software supply chain automation, today announced that it has released a new version of Nexus Lifecycle that includes an extension to Microsoft Visual Studio, a popular integrated development environment (IDE). This new Nexus Lifecycle integration empowers millions of Visual Studio developers with direct access to Sonatype’s open source intelligence engine so … continue reading
The DevOps community is struggling with bringing security into the organization and across the software development life cycle (SDLC). However, new research from Sonatype reveals that while companies continue to face breaches, mature development organizations finally realize how critical it is to weave automated security early in the SDLC. Sonatype, a software automation and security … continue reading