Yes, Policies Can Speed Development
Transcript of Yes, Policies Can Speed Development
The Component Lifecycle Management Company
Yes, Policies Can Speed Development
Go Fast. Be Secure.
The Webinar will start at 12 PM EDT
Tweet your thoughts: #sonatype
Software Evolution (chart labels: 90%, Assembled, Written)
Component Usage Has Exploded
The Need for Repository Management
Why Use a Repository?
Reduce Build Times by proxying cloud repositories and caching components locally.
Improve Collaboration by providing a central location to store, manage, and share common components used across developers and teams.
Enhance Control by providing a mechanism to observe, manage, and govern component usage.
Foundation for Agile, Component-Based Development
Nexus Pro
Go Beyond Basic Repository Management
Know Your Components with Repository Health Check.
Gain Control with automated controls for component management.
Ensure Security with access controls and secure connectivity to the Central Repository.
Scale with Ease with smart proxy to ensure your repos are always available and your teams are in sync.
Manage All Your Components with support for .NET / Nuget repositories.
State of Open Source Governance
The Problem With Policies: Why Developers Think Policy is a “4 Letter Word”
• They are manual
• They are static
• They are inflexible
• They are document-centric
• They are generic
• They are approval-laden
• The implementation is reactive
The Problem with Today’s Policy Approach
“All of our developers are killing us because of the work that comes out of using a static scan – it isn't even work prisoners should be made to do” – Senior IT Executive
• Component volume, diversity, complexity & release cadence
• Large number of applications
• Varying risk posture of organizations & applications
• Agile-based development or fast waterfall delivery cycles
• Security, Legal/Compliance, Architecture, Dev, IT Ops silos
Ineffective Policies are Exacerbated by Today’s Development Approach
• 40,000 Projects
• 200MM Classes
• 400K Components
• Typical enterprise consumes 100s of components monthly
• Typical component is updated 4X per year
• One component may rely on 100s of others
The End Result of Ineffective Policies
Either:
• They slow development: business needs are not met, and finger-pointing ensues.
• Developers follow them & use sub-optimal components: risk is increased since outdated “approved” components are used.
Or:
• Developers bypass them: organizations are put at risk since components are not properly governed.
One Potential Approach: Automating the Approval Workflow
Automated Approval Workflow Doesn’t Work
Linear
Reactive
Belated
Unenforceable
Static
A Better Approach: Automating Policies
Extends Trust into Production Applications
Provides up-front guidance to developers
Integrates guidance & enforcement directly in Dev Tools
Automated Policies Keep Pace With Today’s Development Approach
• Automated policies free humans to focus on higher value tasks (policy definition and exception management)
• Accommodates risk profiles for different organization / application requirements
• Policies drive proactive notification and action for newly discovered vulnerabilities (continuous trust for production apps)
Product Demo
Only Sonatype CLM is designed for how applications are constructed today.
Only Sonatype provides automated policies that guide development and production effort for the entire software lifecycle.
Sonatype Product Family
Nexus OSS: Industry standard open source repository manager
Nexus Pro: Enterprise features, enterprise support
Nexus Pro CLM Edition: Component governance in the repo
Sonatype CLM

Sonatype Nexus Repository Management
• Speed builds
• Improve collaboration
• Controlled release process

Sonatype CLM Component Lifecycle Management
• Centrally define governance policies
• Enforce throughout the lifecycle
• Integrate with existing developer tools
• Build security in from the start
• Continuous trust for production apps
Resources to Learn More
Where to go to learn more?
Download a Free Trial – Updated Trial Guide and New Ant & Gradle Samples http://www.sonatype.com/nexus/free-trial
Join Nexus Live – Nexus and Chef as Part of the DevOps Pipeline http://www.sonatype.com/news/november-nexus-live November 21st
Read the Brief – Enhanced Repository Management: Automated Policy Governance for Agile Development Efforts http://www.sonatype.com/nexusproclm