Embed Size (px)
Citation preview
A “FIREWALL” FOR BAD BINARIESRevolutionizing Repository Management with Nexus Firewall
TODAY’S PRESENTER
@sonatype
Member of the Apache Software Foundation
15+ Years Driving Product Vision / Roadmap
Former Chair of Apache Maven Project
Software is an Innovation Differentiator
@sonatype
4
Agile
DevOps
Continuous Integration
Continuous Delivery
Lean
Internet of Things
Open Source
Modularity
Software Factories
@sonatype
Quality?
Security?
Maintainability?
Repeatability?
Raw innovation Innovation at
any cost
Net innovation Net value to the
organization
6
Starts with ‘Building Quality In at Velocity’
@sonatype
John Willis
DevOps Days Core Organizer
Gareth Rushgrove
Puppet Labs
Nigel Simpson
F-100 Entertainment Giant
@sonatype
Catching Defects Early Costs Less
Design,
Requirements
Build Test Deploy Post-Prod
SDLC Stage
Co
st
an
d T
ime
to
Id
en
tify
an
d R
em
ove
Defe
cts
Continuous
Waterfall
“The Continuous Gap”
Expectation of Continuous
Detect fast - Remediate fast - Reduce rework
@sonatype
@sonatype
2015 State of the Software Supply Chain
240,000 downloads annually
1 in 16 components
downloaded is known vulnerable
10
.
@sonatype
FOSS Review Board
Scans post development
Golden repository
Approval workflow
Anti Patterns…
12
Component Information Panel – Build quality in by selecting the best componentsIntroduced in 2014
https://books.sonatype.com/nexus-book/reference/component-info.html
13
15,000 Reports Daily + 30M ComponentsIntroduced in 2012
https://books.sonatype.com/nexus-book/reference/rhc.html
A Closer Look at the Repository
7,000 repos w/ 500 or
more software components were analyzed.
98% of repositories consumed
a vulnerable component
23 known vulnerabilities flow
into repos per month
14
.
INTRODUCING A FIREWALL FOR BAD BINARIES
ANOTHER LAYER TO OUR
“BUILD QUALITY IN AT VELOCITY”
STORY
@sonatype
16
Sonatype’s Nexus Firewall
proxy repo staging repo production
development
quarantine area
17
Demo: What Are We Going to Show?
• Block Undesirable Components from Repository
• Check Component Against Policy
• Real-time Component Intelligence
• Policy Enforcement Across Staging Repos
18
Ensuring Quality Beyond the Repository
LEARN MORE bitly.com/nexusfirewall
@sonatype
Start OSS governance at the earliest point: Your repository
A ‘FIREWALL’ FOR BAD BINARIESRevolutionizing Repository Management with Nexus Firewall
