Risk and vulnerability management is the top reason to implement security throughout the software development lifecycle (SDLC); the second most common reason is improving code quality, according to the DevSecOps Community Survey 2019. However, this does not appear to be enough motivation to integrate security automation into the development process.
Nine out of 10 components in the average application are open source, according to an analysis of 1,700 apps in Sonatype’s “State of the Software Supply Chain.” However, a survey of people familiar with application security by ESG provides a lower figure: only 43% believe that more than half of their enterprise’s codebase is open source.
With Node.js’s use on the server side, comparing JavaScript and Java is no longer apples vs. oranges. With that context, it is noteworthy that last year the number of npm (JavaScript) packages downloaded surpassed the number of Maven (Java) components downloaded. According to Sonatype’s 2017 State of […]
In software, there are few oldies but goodies. Yet, perhaps we shouldn’t accuse developers of ageism. Sonatype’s 2016 Software Supply Chain report looked at 1,000 repository managers and the components they manage. Components more than two years old account for over 53 percent of the software parts development […]