Golden Repository

820 views

Published on

Understand the ecosystem of modern software development and the opportunities to transform the historical conflict between developing feature-rich applications quickly for operational benefit, and the increasing need for applications to be developed methodically, securely, in ways that reduce organizational risk.

Published in: Technology, Education

Golden Repository

  1. The Golden Repository of Yesterday is NOT the Answer. Go Fast. Be Secure. The Webinar will start at 12 PM EDT. Tweet your thoughts: #sonatype. The Component Lifecycle Management Company
  2. The Component Revolution. [Chart: requests in millions per year, 2001 to 2012; 8 billion requests in 2012]
  3. The Need for Repository Management. Why Use a Repository? Reduce Build Times by proxying cloud repositories and caching components locally. Improve Collaboration by providing a central location to store, manage, and share common components used across developers and teams. Enhance Control by providing a mechanism to observe, manage, and govern component usage.
  4. Foundation for Agile, Component-Based Development
  5. Nexus Pro: Go Beyond Basic Repository Management. Know Your Components with Repository Health Check. Gain Control with automated controls for component management. Ensure Security with access controls and secure connectivity to the Central Repository. Scale with Ease with smart proxy to ensure your repos are always available and your teams are in sync. Manage All Your Components with support for .NET / NuGet repositories.
  6. Why Yesterday’s Golden Rep isn’t so Golden
  7. Developers Will Bypass Your Repository
  8. Repo-Only Approaches Aren’t Flexible Enough. [Diagram labels: Flexibility, Control]
  9. Golden Repo Component Approvals Can’t Keep Pace
  10. Without Governance, Components Become Stale. Versions without the vulnerabilities exist but they aren’t in the Repo.
  11. Vulnerability Discovery is Required. Proactive identification and analysis of security vulnerabilities & licensing issues needs to be ongoing and comprehensive.
  12. Your Strategy Must Extend to Production Apps. Component threats are not static – hackers are not complacent – continuous protection for production apps is needed.
  13. Risk Profiles Vary by App & Organization
  14. Why not use multiple repositories to address these challenges?
  15. Multiple / Segmented Repositories are Not the Answer. Managing multiple repositories increases the administrative burden. Playing the “let’s change the repo URL and see what breaks” game is problematic. Developers don’t know what will or won’t be approved. Reconciliation tends to happen late in the Dev Cycle.
  16. So what do you need to solve this problem?
  17. A New Approach is Needed: Fast, Precise, Contextual, Actionable, Continuous
  19. Fast: Automated Policies Speed Development. Automated Policies Free Humans: (1) Humans define policy. (2) Machines automate the implementation of policy. (3) Humans manage exceptions.
  22. Contextual: Info Must Be Relevant to My Needs. Info Must Be Specific to My Apps & Toolchain. • Information needs to apply to my application. • SQL Injection vulnerabilities only apply to DB apps. • CopyLeft licenses may not be a problem for internal applications or services.
  24. Actionable: Help Developers Fix Problems. Only Developers Can Fix It: Guidance is Key. • Now that you've told me about a problem, tell me what I can do to fix it. • Suggest alternatives. • Even if I don't completely understand the risk, if you show me an easy fix, I will take it.
  27. Continuous: Constant Diligence is Needed to Prevent Rot. Component Vulnerabilities are not Static. • Applications that have "left the building" don't age like wine. • They age like milk and you need to monitor for newly discovered threats.
  29. Only Sonatype is designed for how applications are constructed today. Only Sonatype provides automated policies that guide development and production effort for the entire software lifecycle.
  30. Sonatype Product Family. Sonatype CLM (Component Lifecycle Management): • Centrally define governance policies • Enforce throughout the lifecycle • Integrate with existing developer tools • Build security in from the start • Continuous trust for production apps. Sonatype Nexus (Repository Management): • Improve collaboration • Controlled release process • Speed builds. Nexus Pro CLM Edition: Component governance in the repo. Nexus Pro: Enterprise features, enterprise support. Nexus OSS: Industry standard open source repository manager.
  31. Want to Learn More? Yes, Policies Can Speed Development: November 6th at 12pm EDT. Register Now - http://www.sonatype.com/request/nexus-webinar-series. Exclusive Brief – Successful Agile Development Efforts Require Automated “Golden” Policies, Available Only to Registrants. Join Nexus Live – Automated Deployment of Nexus as Part of a SaaS Platform, October 23rd: http://www.sonatype.com/october-nexus-live. Download a Free Trial – Updated Trial Guide and New Ant & Gradle Samples: http://www.sonatype.com/nexus/free-trial
