Yes, Policies Can Speed Development

Last year alone, there were 7.2 BILLION component requests from more than 71 thousand organizations and millions of developers around the world. Policies are like 4 letter words to developers – but the policy is not the problem; the implementation is.

Notes
  • Use this section of slides when presenting to a application development audience.
  • Why an automated approval workflow doesn’t work:
      • Linear: workflow design is primarily linear.
      • Reactive: the request only starts when a developer identifies a new component.
      • Belated: reactive policies can’t guide initial component selection.
      • Unenforceable: guided enforcement is not integrated into the lifecycle.
      • Static: an automated workflow doesn’t identify and alert on new threats.
  • Now that we have discussed how the application process has changed, let’s explore how Sonatype helps you speed the development process while mitigating security, licensing and quality concerns. We’ll take a look at how Sonatype:
      • ensures the integrity of the components that you download from Central;
      • uses policy to guide the development effort;
      • identifies and prioritizes exposures so that they can be easily eliminated (fixed);
      • monitors production applications for newly discovered vulnerabilities.

    1. Yes, Policies Can Speed Development. Go Fast. Be Secure. The webinar will start at 12 PM EDT. Tweet your thoughts: #sonatype. The Component Lifecycle Management Company
    2. Software Evolution (chart: Written vs. Assembled, 90%)
    3. Component Usage Has Exploded
    4. The Need for Repository Management. Why use a repository?
       • Reduce build times by proxying cloud repositories and caching components locally.
       • Improve collaboration by providing a central location to store, manage, and share common components used across developers and teams.
       • Enhance control by providing a mechanism to observe, manage, and govern component usage.
    5. Foundation for Agile, Component-Based Development
    6. Nexus Pro: Go Beyond Basic Repository Management
       • Know your components with Repository Health Check.
       • Gain control with automated controls for component management.
       • Ensure security with access controls and secure connectivity to the Central Repository.
       • Scale with ease with smart proxy to ensure your repos are always available and your teams are in sync.
       • Manage all your components with support for .NET / NuGet repositories.
    7. State of Open Source Governance
    8. (image-only slide)
    9. (image-only slide)
    10. (image-only slide)
    11. The Problem With Policies: Why Developers Think Policy is a “4 Letter Word”
    12. The Problem with Today’s Policy Approach
       • They are manual.
       • They are static.
       • They are inflexible.
       • They are document-centric.
       • They are generic.
       • They are approval-laden.
       • The implementation is reactive.
       “All of our developers are killing us because of the work that comes out of using a static scan – it isn't even work prisoners should be made to do” – Senior IT Executive
    13. Ineffective Policies are Exacerbated by Today’s Development Approach
       • Component volume, diversity, complexity & release cadence
       • Large number of applications
       • Varying risk posture of organizations & applications
       • Agile-based development or fast waterfall delivery cycles
       • Security, Legal/Compliance, Architecture, Dev, IT Ops silos
       One component may rely on 100s of others: 40,000 projects, 200MM classes, 400K components. A typical enterprise consumes 100s of components monthly; a typical component is updated 4X per year.
    14. The End Result of Ineffective Policies
       • Developers follow them & use sub-optimal components: they slow development, OR business needs are not met and finger pointing ensues.
       • Developers bypass them: risk is increased since outdated “approved” components are used, OR organizations are put at risk since components are not properly governed.
    15. One Potential Approach: Automating the Approval Workflow
    16. Automated Approval Workflow Doesn’t Work: Linear, Reactive, Belated, Unenforceable, Static
    17. A Better Approach: Automating Policies
    18. Automated Policies Keep Pace With Today’s Development Approach: integrates guidance & enforcement directly in dev tools; provides up-front guidance to developers; extends trust into production applications.
       • Automated policies free humans to focus on higher value tasks (policy definition and exception management).
       • Accommodates risk profiles for different organization / application requirements.
       • Policies drive proactive notification and action for newly discovered vulnerabilities (continuous trust for production apps).
    19. Product Demo
    20. Only Sonatype CLM is designed for how applications are constructed today. Only Sonatype provides automated policies that guide development and production effort for the entire software lifecycle.
    21. Sonatype Product Family
       • Sonatype CLM (Component Lifecycle Management): centrally define governance policies; enforce throughout the lifecycle; integrate with existing developer tools; build security in from the start; continuous trust for production apps.
       • Nexus Pro CLM Edition: component governance in the repo.
       • Nexus Pro (Repository Management): improve collaboration; controlled release process; enterprise features, enterprise support.
       • Nexus OSS Repository: speed builds; industry standard open source repository manager.
    22. Where to go to learn more? Resources to learn more:
       • Read the Brief – Enhanced Repository Management: Automated Policy Governance for Agile Development Efforts: http://www.sonatype.com/nexusproclm
       • Join Nexus Live – Nexus and Chef as Part of the DevOps Pipeline (November 21st): http://www.sonatype.com/news/november-nexus-live
       • Download a Free Trial – Updated Trial Guide and New Ant & Gradle Samples: http://www.sonatype.com/nexus/free-trial
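
Slides 16 and 18 contrast a reactive approval workflow with policies that are evaluated automatically at build time and re-evaluated whenever a new advisory appears. The following Python is an added example, not Sonatype's code and not part of the webinar, that models such a policy check: a licence allow-list, severity thresholds that separate a warning from a failed build, and a monitoring function that reports which components move from passing to failing when a new advisory is added, so that they can be prioritised. Every component coordinate, licence, advisory id and severity below is constructed sample data.

```python
"""Minimal automated component policy check (added illustration, not Sonatype code).
All components, licences and advisories are constructed sample data."""
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    group: str
    artifact: str
    version: str
    license: str

    @property
    def coordinates(self) -> str:
        return f"{self.group}:{self.artifact}:{self.version}"


@dataclass(frozen=True)
class Advisory:
    advisory_id: str          # constructed identifier, not a real CVE
    group: str
    artifact: str
    affected_versions: frozenset
    severity: float           # 0.0 - 10.0, higher is worse


@dataclass(frozen=True)
class Policy:
    allowed_licenses: frozenset
    fail_severity: float      # at or above this, the build fails
    warn_severity: float      # at or above this, the developer is warned


def evaluate_component(component, policy, advisories):
    """Return (action, reason) pairs for one component; action is 'fail' or 'warn'."""
    findings = []
    if component.license not in policy.allowed_licenses:
        findings.append(("fail", f"license {component.license} not in allow-list"))
    for adv in advisories:
        if (adv.group, adv.artifact) != (component.group, component.artifact):
            continue
        if component.version not in adv.affected_versions:
            continue
        if adv.severity >= policy.fail_severity:
            findings.append(("fail", f"{adv.advisory_id} severity {adv.severity}"))
        elif adv.severity >= policy.warn_severity:
            findings.append(("warn", f"{adv.advisory_id} severity {adv.severity}"))
    return findings


def verdict(findings):
    """Collapse findings to the single strongest action: fail > warn > pass."""
    actions = {action for action, _ in findings}
    if "fail" in actions:
        return "fail"
    if "warn" in actions:
        return "warn"
    return "pass"


def evaluate_application(components, policy, advisories):
    """Map coordinates -> verdict; this is what an up-front build gate would consume."""
    return {c.coordinates: verdict(evaluate_component(c, policy, advisories))
            for c in components}


def newly_failing(components, policy, known, new):
    """Continuous monitoring: components that did not fail under the known advisories
    but fail once the new advisories are added. These are the ones to notify about."""
    before = evaluate_application(components, policy, known)
    after = evaluate_application(components, policy, list(known) + list(new))
    return sorted(c for c in after if after[c] == "fail" and before[c] != "fail")


# Constructed policy and inventory for a fictional application.
POLICY = Policy(frozenset({"Apache-2.0", "MIT", "BSD-3-Clause"}),
                fail_severity=7.0, warn_severity=4.0)

SAMPLE_COMPONENTS = [
    Component("com.example", "web-core", "1.4.2", "Apache-2.0"),
    Component("org.example", "old-parser", "2.0.1", "GPL-3.0"),
    Component("com.example", "json-utils", "3.1.0", "MIT"),
]

KNOWN_ADVISORIES = [
    Advisory("EX-0001", "org.example", "old-parser", frozenset({"2.0.0", "2.0.1"}), 7.5),
    Advisory("EX-0002", "com.example", "web-core", frozenset({"1.4.2"}), 4.3),
]
# A constructed advisory that arrives after the application is already in production.
LATER_ADVISORY = [
    Advisory("EX-0003", "com.example", "json-utils", frozenset({"3.1.0"}), 9.1),
]

if __name__ == "__main__":
    for coords, result in evaluate_application(SAMPLE_COMPONENTS, POLICY, KNOWN_ADVISORIES).items():
        print(f"{result:5s} {coords}")
    print("newly failing after EX-0003:",
          newly_failing(SAMPLE_COMPONENTS, POLICY, KNOWN_ADVISORIES, LATER_ADVISORY))
```

Run at build time, `evaluate_application` gives the developer the verdict before the component is committed (the up-front guidance of slide 18); run on the production inventory each time the advisory feed changes, `newly_failing` produces only the delta, which is what a proactive notification should carry rather than a full rescan report.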
