Yes, Policies Can Speed Development



Last year alone, there were 7.2 BILLION component requests from more than 71 thousand organizations and millions of developers around the world. Policies are like 4 letter words to developers – but the policy is not the problem; the implementation is.

Transcript of Yes, Policies Can Speed Development

Page 1: Yes, Policies Can Speed Development

The Component Lifecycle Management Company

Yes, Policies Can Speed Development

Go Fast. Be Secure.

The Webinar will start at 12 PM EDT

Tweet your thoughts: #sonatype

Page 2: Yes, Policies Can Speed Development


90% Assembled

Written

Software Evolution

Page 3: Yes, Policies Can Speed Development


Component Usage Has Exploded

Page 4: Yes, Policies Can Speed Development


The Need for Repository Management

Why Use a Repository?

Reduce Build Times by proxying cloud repositories and caching components locally.

Improve Collaboration by providing a central location to store, manage, and share common components used across developers and teams.

Enhance Control by providing a mechanism to observe, manage, and govern component usage.

Page 5: Yes, Policies Can Speed Development


Foundation for Agile, Component-Based Development


Page 6: Yes, Policies Can Speed Development


Nexus Pro

Go Beyond Basic Repository Management

Know Your Components with Repository Health Check.

Gain Control with automated controls for component management.

Ensure Security with access controls and secure connectivity to the Central Repository.

Scale with Ease with smart proxy to ensure your repos are always available and your teams are in sync.

Manage All Your Components with support for .NET / NuGet repositories.

Page 7: Yes, Policies Can Speed Development

State of Open Source Governance

Page 8: Yes, Policies Can Speed Development


Page 9: Yes, Policies Can Speed Development


Page 10: Yes, Policies Can Speed Development


Page 11: Yes, Policies Can Speed Development

The Problem With Policies: Why Developers think Policy is a “4 Letter Word”

Page 12: Yes, Policies Can Speed Development

• They are manual
• They are static
• They are inflexible
• They are document-centric
• They are generic
• They are approval-laden
• The implementation is reactive

The Problem with Today’s Policy Approach

“All of our developers are killing us because of the work that comes out of using a static scan – it isn't even work prisoners should be made to do” – Senior IT Executive

Page 13: Yes, Policies Can Speed Development

• Component volume, diversity, complexity & release cadence
• Large number of applications
• Varying risk posture of organizations & applications
• Agile-based development or fast waterfall delivery cycles
• Security, Legal/Compliance, Architecture, Dev, IT Ops silos

Ineffective Policies are Exacerbated by Today’s Development Approach

40,000 Projects

200MM Classes

400K Components

Typical Enterprise Consumes 100s of Components Monthly

Typical Component is Updated 4X per Year

One component may rely on 100s of others

Page 14: Yes, Policies Can Speed Development


The End Result of Ineffective Policies

They slow development

Business needs are not met – finger pointing ensues

OR

Developers follow them & use sub-optimal components

Risk is increased since outdated “approved” components are used

OR

Developers bypass them

Organizations put at risk since components are not properly governed

Page 15: Yes, Policies Can Speed Development

One Potential Approach: Automating the Approval Workflow

Page 16: Yes, Policies Can Speed Development


Automated Approval Workflow Doesn’t Work

Linear

Reactive

Belated

Unenforceable

Static

Page 17: Yes, Policies Can Speed Development

A Better Approach: Automating Policies

Page 18: Yes, Policies Can Speed Development


Extends Trust into Production Applications

Provides up-front guidance to developers

Integrates guidance & enforcement directly in Dev Tools

Automated Policies Keep Pace With Today’s Development Approach

• Automated policies free humans to focus on higher value tasks (policy definition and exception management)

• Accommodates risk profiles for different organization / application requirements

• Policies drive proactive notification and action for newly discovered vulnerabilities (continuous trust for production apps)

Page 19: Yes, Policies Can Speed Development

Product Demo

Page 20: Yes, Policies Can Speed Development


Only Sonatype CLM is designed for how applications are constructed today.

Only Sonatype provides automated policies that guide development and production effort for the entire software lifecycle.

Page 21: Yes, Policies Can Speed Development


Sonatype Product Family

Nexus OSS

Sonatype CLM Component Lifecycle Management
• Centrally define governance policies
• Enforce throughout the lifecycle
• Integrate with existing developer tools
• Build security in from the start
• Continuous trust for production apps

Sonatype Nexus Repository Management
• Improve collaboration
• Controlled release process

Industry standard open source repository manager

Nexus Pro

Enterprise features, enterprise support

Nexus Pro CLM Edition

Component governance in the repo

Sonatype CLM

Nexus OSS Repository
• Speed Builds

Page 22: Yes, Policies Can Speed Development


Download a Free Trial – Updated Trial Guide and New Ant & Gradle Samples http://www.sonatype.com/nexus/free-trial

Join Nexus Live – Nexus and Chef as Part of the DevOps Pipeline http://www.sonatype.com/news/november-nexus-live November 21st

Read the Brief – Enhanced Repository Management: Automated Policy Governance for Agile Development Efforts http://www.sonatype.com/nexusproclm

Resources to Learn More

Where to go to learn more?