Golden Repository
The Component Lifecycle Management Company The Golden Repository of Yesterday is NOT the Answer Go Fast. Be Secure. The Webinar will start at 12 PM EDT Tweet your thoughts: #sonatype

Upload: sonatype

Posted on 14-Jun-2015


DESCRIPTION

Understand the ecosystem of modern software development and the opportunities to transform the historical conflict between developing feature-rich applications quickly for operational benefit, and the increasing need for applications to be developed methodically, securely, in ways that reduce organizational risk.

TRANSCRIPT

Page 1: Golden Repository

The Component Lifecycle Management Company

The Golden Repository of

Yesterday is NOT the Answer

Go Fast. Be Secure.

The Webinar will start at 12 PM EDT

Tweet your thoughts: #sonatype

Page 2: Golden Repository

[Chart: requests to the Central Repository in millions per year, 2001 to 2012]

8 Billion Requests in 2012

The Component Revolution


Page 3: Golden Repository


The Need for Repository Management

Why Use a Repository?

Reduce Build Times by proxying cloud repositories and caching components locally.

Improve Collaboration by providing a central location to store, manage, and share common components used across developers and teams.

Enhance Control by providing a mechanism to observe, manage, and govern component usage.

Page 4: Golden Repository

Foundation for Agile, Component-Based Development

Page 5: Golden Repository


Nexus Pro

Go Beyond Basic Repository Management

Know Your Components with Repository Health Check.

Gain Control with automated controls for component management.

Ensure Security with access controls and secure connectivity to the Central Repository.

Scale with Ease with smart proxy to ensure your repos are always available and your teams are in sync.

Manage All Your Components with support for .NET / Nuget repositories.

Page 6: Golden Repository

Why Yesterday’s Golden Repo isn’t so Golden

Page 7: Golden Repository

Developers Will Bypass Your Repository

Page 8: Golden Repository

Repo-Only Approaches Aren’t Flexible Enough

[Figure: a slider between Flexibility and Control]

Page 9: Golden Repository

Golden Repo Component Approvals Can’t Keep Pace

Page 10: Golden Repository


Without Governance, Components Become Stale

Versions without the vulnerabilities exist but they aren’t in the Repo


Page 11: Golden Repository


Vulnerability Discovery is Required

Proactive identification and analysis of security vulnerabilities & licensing issues needs to be ongoing and comprehensive

Page 12: Golden Repository


Your Strategy Must Extend to Production Apps

Component threats are not static – hackers are not complacent – continuous protection for production apps is needed

Page 13: Golden Repository

Risk Profiles Vary by App & Organization

Page 14: Golden Repository

Why not use multiple repositories to address these challenges?

Page 15: Golden Repository


Multiple / Segmented Repositories are Not the Answer

Reconciliation tends to happen late in the Dev Cycle

Managing multiple repositories increases the administrative burden

Developers don’t know what will or won’t be approved

Playing the “let’s change the repo URL and see what breaks” game is problematic

Page 16: Golden Repository

So what do you need to solve this problem?

Page 17: Golden Repository


Fast

Precise

Contextual

Actionable

Continuous

A New Approach is Needed


Page 18: Golden Repository

Page 19: Golden Repository

Automated Policies Free Humans

1. Humans define policy.

2. Machines automate the implementation of policy.

3. Humans manage exceptions.

Fast: Automated Policies Speed Development

Page 20: Golden Repository

Page 21: Golden Repository

Page 22: Golden Repository

Info Must Be Specific to My Apps & Toolchain

• Information needs to apply to my application.

• SQL Injection vulnerabilities only apply to DB apps.

• CopyLeft licenses may not be a problem for internal applications or services.

Contextual: Info Must Be Relevant to My Needs

Page 23: Golden Repository

Page 24: Golden Repository

Only Developers Can Fix It: Guidance is Key

• Now that you've told me about a problem, tell me what I can do to fix it.

• Suggest alternatives.

• Even if I don't completely understand the risk, if you show me an easy fix, I will take it.

Actionable: Help Developers Fix Problems
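As an added example (not Sonatype's code and not a description of Sonatype CLM), the loop from pages 19, 22 and 24 in a few dozen lines of Python: humans write the policy, the machine applies it in the context of each application (SQL injection findings only count for database apps, copyleft licences only block external distribution), it points at a clean upstream version when one exists, and human-approved waivers handle the exceptions. The component names, versions and catalog are constructed.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Component:
    name: str
    version: str
    cwes: frozenset        # weakness classes of its known vulnerabilities
    license: str

@dataclass
class App:
    name: str
    uses_database: bool
    external: bool         # shipped to customers or exposed outside the org
    waivers: set = field(default_factory=set)   # (name, version) pairs a human approved

# Constructed catalog: versions that exist upstream, whether or not the golden repo has them
CATALOG = {
    "db-driver": {"1.0": Component("db-driver", "1.0", frozenset({"CWE-89"}), "Apache-2.0"),
                  "1.1": Component("db-driver", "1.1", frozenset(), "Apache-2.0")},
    "gpl-lib":   {"2.3": Component("gpl-lib", "2.3", frozenset(), "GPL-3.0")},
}
COPYLEFT = {"GPL-3.0", "AGPL-3.0"}
SQL_INJECTION = "CWE-89"

def _vkey(v):
    return tuple(int(p) for p in v.split("."))

def evaluate(app, comp):
    """Human-defined policy applied by the machine: returns (verdict, reasons, fix)."""
    if (comp.name, comp.version) in app.waivers:        # step 3: human-managed exception
        return "allow", ["waived by exception"], None
    verdict, reasons = "allow", []
    # Contextual: SQL injection findings only matter for apps that talk to a database
    relevant = {c for c in comp.cwes if c != SQL_INJECTION or app.uses_database}
    if relevant:
        verdict = "block"
        reasons.append("vulnerable: " + ", ".join(sorted(relevant)))
    if comp.license in COPYLEFT:
        if app.external:
            verdict = "block"
            reasons.append("copyleft license in externally distributed app")
        else:
            verdict = "warn" if verdict == "allow" else verdict
            reasons.append("copyleft license; acceptable for internal use, review")
    fix = None
    if verdict != "allow":
        # Actionable: suggest the lowest newer version that passes the same policy
        for v, alt in sorted(CATALOG[comp.name].items(), key=lambda kv: _vkey(kv[0])):
            if _vkey(v) > _vkey(comp.version) and evaluate(app, alt)[0] == "allow":
                fix = v
                break
    return verdict, reasons, fix

if __name__ == "__main__":
    billing = App("billing", uses_database=True, external=False)
    print(evaluate(billing, CATALOG["db-driver"]["1.0"]))   # blocked, fix "1.1" suggested
```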

Page 25: Golden Repository

Page 25: Golden Repository

Page 26: Golden Repository

Component Vulnerabilities are not Static

• Applications that have "left the building" don't age like wine.

• They age like milk and you need to monitor for newly discovered threats.

Continuous: Constant Diligence is Needed to Prevent Rot


Page 28: Golden Repository

Page 29: Golden Repository

Only Sonatype is designed for how applications are constructed today.

Only Sonatype provides automated policies that guide development and production effort for the entire software lifecycle.

Page 30: Golden Repository


Sonatype Product Family

Nexus OSS

Industry standard open source repository manager

Nexus Pro

Enterprise features, enterprise support

Nexus Pro CLM Edition

Component governance in the repo

Sonatype CLM

Sonatype Nexus Repository Management
• Speed Builds
• Improve collaboration
• Controlled release process

Sonatype CLM Component Lifecycle Management
• Centrally define governance policies
• Enforce throughout the lifecycle
• Integrate with existing developer tools
• Build security in from the start
• Continuous trust for production apps

Page 31: Golden Repository

Want to Learn More?

Download a Free Trial – Updated Trial Guide and New Ant & Gradle Samples http://www.sonatype.com/nexus/free-trial

Join Nexus Live – Automated Deployment of Nexus as Part of a SaaS Platform http://www.sonatype.com/october-nexus-live October 23rd

Yes, Policies Can Speed Development: November 6th at 12pm EDT

Register Now - http://www.sonatype.com/request/nexus-webinar-series

Exclusive Brief – Successful Agile Development Efforts Require Automated “Golden” Policies

Available Only to Registrants