
INAIL and the cybersecurity culture: Sonatype Advanced Development Pack

INAIL and the cybersecurity culture: from DevSecOps to application protection. Digital event organised by Emerasoft and Sonatype, streamed online on 26 November.
Presentation by Sonatype: Advanced Development Pack.
To watch the event again: https://youtu.be/gCPK6iydIcE
Want to know more? Go to www.sonatype.com or write to sales@emerasoft.com for a personalised consultation.

  1. Advanced Development Pack for 26 November 2020
  2. Putting Power Into the Hands of the Developers (chart: Development vs. Security share of sponsorship in 2015, 2020 and 2025, plotted on a 0 to 100% axis). The Market Shift: Security acts as a gate for code deployment. Empower the developers. Integrated and automated end-to-end quality. We were historically successful selling here. We are highly differentiated in this market. (They have been historically ineffective at truly integrating into development.)
  3. Making Developers' Lives Easier. Choose the best components: smarter component selection with our new Exemplar ratings for OSS projects. Avoid suspicious packages: decrease the risk of a security breach or defective code by blocking potentially malicious and harmful OSS releases from entering production environments. Know what will break: fewer breaking changes and policy violations with simple OSS upgrades and insight into the level of effort between version migrations. Fix dependencies faster: improved dependency management with single-click upgrades and guidance on when to upgrade a dependency and why.
  4. Benefits. Less rework and maintenance due to a higher-quality "pool" of components and contextual understanding of what fits organizational requirements. Improved project quality with early warning of suspicious behavior in code and access to components from the best suppliers. Increased bandwidth and time to innovate due to a reduction in time spent researching quality OSS components. Decreased "level of effort" when upgrading to the next best OSS component with our recommendations and single-click migrations.
  5. What's in the Pack?
  6. Capability Overview. Fix Faster: we'll suggest the best ways to resolve problems more effectively when they come up. Develop Seamlessly: make better decisions about the components being used in the applications. Transitive Solver: gives a recommended version for the direct dependency which also resolves the transitive dependency without violating policy or breaking builds. Breaking Changes: provides teams with data on "what" will break and how much effort it'll take to upgrade between current and newer versions. Component Chooser: enables development teams to select the highest-quality OSS components for their projects; they can search and compare components based on hygiene ratings (exemplar, laggard, neutral), view additional component insights, and see what's already being used/approved within their organization. Release Integrity: enhances Nexus Firewall's capabilities to automatically detect and block suspicious and potentially malicious OSS components before they enter the development environment.
  7. Showing You Only the Best OSS Components: Health & Hygiene Data. Ratings include Exemplar, Neutral and Laggard. Select the best quality components based on component cleanliness, committer behavior, etc. Easily compare the viability of different components based on their rating.
  8. Release Integrity (with Firewall). Early warning and identification of next-generation software supply chain attacks (currently npm only). Avoid threats like typosquatting and malicious code injection. A component risk score assesses the level of risk you could take on by choosing that component.
  9. Breaking Changes Intelligence. Prioritize component upgrades by development effort. Pinpoint simple upgrades and assess upgrade challenges. Quickly find the best version upgrade without "breaking" the project.
  10. Transitive Solver. Comprehensive view into your open source risk profile. Easily solve for direct and transitive dependency violations without failing builds or violating policies. One-click remediation and improved prioritization.
  11. Supporting Slides
  12. Putting Power Into the Hands of the Developers (chart data, Development vs. Security sponsorship). 2015: Dev Sponsor ~10%, Security Sponsor ~90%. 2020: Dev Sponsor ~40%, Security Sponsor ~60%. 2025: Dev Sponsor ~80%, Security Sponsor ~20%.
  13. The Market Shift. Security acts as a gate for code deployment. Empower the developers. Integrated and automated end-to-end quality. We were historically successful selling here. We are highly differentiated in this market. (They have been historically ineffective at truly integrating into development.)
  14. What Makes a Project Exemplary? Constructing the Data Set. Small Exemplar: small development teams (1.6 devs), exemplary MTTU (mean time to update), likely to be commercially supported and 4.3x more popular. Large Exemplar: large development teams (8.3 devs), exemplary MTTU, likely to be foundation supported, 2.5x more popular. Laggard: poor MTTU, high stale dependency count, more likely to be commercially supported. Features First: frequent releases, but poor TTU; still reasonably popular. Cautious: good TTU, but seldom completely up to date.
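Slide 8 names typosquatting as one of the attacks Release Integrity is meant to catch at the firewall. The following is an added example, not Sonatype's Release Integrity code (its scoring is proprietary and not described in the deck), showing one signal such a gate can use: a requested npm package whose name is a one-edit near-miss of a popular, already-approved package is held for review instead of being proxied through. `POPULAR_PACKAGES` and the sample request list are constructed data.

```python
"""Name-similarity gate for newly requested npm packages (added example)."""
from dataclasses import dataclass
from typing import Optional

# Constructed allowlist of widely used package names (sample data, not a registry feed).
POPULAR_PACKAGES = {"lodash", "express", "react", "axios", "moment", "chalk", "debug"}


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment (restricted Damerau-Levenshtein) distance.

    Insertions, deletions, substitutions and adjacent transpositions each cost one
    edit, so 'lodahs' and 'loadsh' are both one edit away from 'lodash'.
    """
    la, lb = len(a), len(b)
    d = [[0] * (lb + 1) for _ in range(la + 1)]
    for i in range(la + 1):
        d[i][0] = i
    for j in range(lb + 1):
        d[0][j] = j
    for i in range(1, la + 1):
        for j in range(1, lb + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # deletion
                          d[i][j - 1] + 1,         # insertion
                          d[i - 1][j - 1] + cost)  # substitution or match
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent transposition
    return d[la][lb]


@dataclass
class Verdict:
    name: str
    action: str              # "allow" or "quarantine"
    reason: str
    nearest: Optional[str]   # closest popular package when one is within range


def assess(name: str, popular=POPULAR_PACKAGES, max_distance: int = 1, min_len: int = 4) -> Verdict:
    """Decide whether a requested package name needs human review before it is proxied.

    An exact match to a popular package is allowed. Otherwise the name is compared with
    every popular package of at least min_len characters (one-edit matches against very
    short names are noise) and quarantined if it lies within max_distance edits.
    Scoped names (@scope/name) and dependency-confusion checks are out of scope here.
    """
    name = name.lower()
    if name in popular:
        return Verdict(name, "allow", "exact match to a known package", name)
    nearest, best = None, None
    for candidate in popular:
        if len(candidate) < min_len:
            continue
        dist = osa_distance(name, candidate)
        if best is None or dist < best:
            nearest, best = candidate, dist
    if best is not None and best <= max_distance:
        return Verdict(name, "quarantine",
                       f"within {best} edit(s) of popular package '{nearest}'", nearest)
    return Verdict(name, "allow", "no near-miss of a popular package", None)


def triage(requests):
    """Run the gate over a batch of requested names and return only the quarantined ones."""
    return [v for v in (assess(r) for r in requests) if v.action == "quarantine"]


if __name__ == "__main__":
    # Constructed sample of package names as seen at a repository proxy.
    sample = ["lodash", "lodahs", "loadsh", "l0dash", "left-pad", "expres", "my-internal-tool"]
    for v in triage(sample):
        print(f"{v.name:18} {v.action:11} {v.reason}")
```

Name similarity is only one of several signals (publisher age, install scripts, release cadence are others); on its own it produces false positives for legitimate forks, which is why the verdict is "quarantine for review" rather than a hard block.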
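Slides 6 and 10 describe the Transitive Solver as recommending a version of the direct dependency that also clears transitive violations without breaking the build. The block below is an added example of that search, not Sonatype's solver (its data and algorithm are not in the deck): it walks the candidate versions of a direct dependency in order of upgrade effort and returns the first whose whole transitive closure is policy-clean. `GRAPH` and `POLICY_VIOLATIONS` are constructed sample data with pinned versions; the package names and the "violating" coordinates are fictional.

```python
"""Policy-aware upgrade recommendation for a direct dependency (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

Coord = Tuple[str, str]  # (package name, version)

# Constructed dependency graph: package -> version -> pinned requirements.
GRAPH: Dict[str, Dict[str, List[Coord]]] = {
    "web-lib": {
        "1.4.0": [("json-parse", "2.0.1"), ("log-util", "1.1.0")],
        "1.4.2": [("json-parse", "2.0.1"), ("log-util", "1.2.0")],
        "1.5.0": [("json-parse", "2.1.0"), ("log-util", "1.2.0")],
        "2.0.0": [("json-parse", "3.0.0"), ("log-util", "2.0.0")],
    },
    "json-parse": {
        "2.0.1": [("char-map", "0.9.0")],
        "2.1.0": [("char-map", "1.0.0")],
        "3.0.0": [("char-map", "1.0.0")],
    },
    "log-util": {"1.1.0": [], "1.2.0": [], "2.0.0": []},
    "char-map": {"0.9.0": [], "1.0.0": []},
}

# Constructed policy: coordinates the organisation rejects (for example versions with a
# published advisory). Fictional values, not real advisories.
POLICY_VIOLATIONS: Set[Coord] = {("json-parse", "2.0.1"), ("char-map", "0.9.0")}

EFFORT_RANK = {"none": 0, "patch": 1, "minor": 2, "major": 3}


def parse_version(v: str) -> Tuple[int, ...]:
    return tuple(int(part) for part in v.split("."))


def resolve(name: str, version: str, graph=GRAPH) -> Set[Coord]:
    """Transitive closure of (name, version), including itself; tolerates cycles."""
    seen: Set[Coord] = set()
    stack = [(name, version)]
    while stack:
        coord = stack.pop()
        if coord in seen:
            continue
        seen.add(coord)
        stack.extend(graph[coord[0]][coord[1]])
    return seen


def violations(closure: Set[Coord], policy=POLICY_VIOLATIONS) -> Set[Coord]:
    return closure & policy


def upgrade_effort(current: str, candidate: str) -> str:
    """Classify the jump by the highest semver segment that changes."""
    cur, cand = parse_version(current), parse_version(candidate)
    if cur == cand:
        return "none"
    if cur[0] != cand[0]:
        return "major"
    if cur[1] != cand[1]:
        return "minor"
    return "patch"


@dataclass
class Recommendation:
    version: str
    effort: str
    resolved: Set[Coord]  # violations present in the current closure that the move removes


def recommend(name: str, current: str, graph=GRAPH, policy=POLICY_VIOLATIONS) -> Optional[Recommendation]:
    """Lowest-effort version of `name` (at or above current) whose full closure is policy-clean."""
    current_bad = violations(resolve(name, current, graph), policy)
    candidates = [v for v in graph[name] if parse_version(v) >= parse_version(current)]
    # Lowest effort first; among equal effort, the smallest version (fewest changes pulled in).
    candidates.sort(key=lambda v: (EFFORT_RANK[upgrade_effort(current, v)], parse_version(v)))
    for v in candidates:
        if not violations(resolve(name, v, graph), policy):
            return Recommendation(v, upgrade_effort(current, v), current_bad)
    return None  # no version of the direct dependency clears the transitive violations


if __name__ == "__main__":
    rec = recommend("web-lib", "1.4.0")
    print(rec)  # expects 1.5.0 (minor): 1.4.2 still pulls json-parse 2.0.1, 2.0.0 costs a major bump
```

Returning `None` is the case a build pipeline has to surface explicitly: when no version of the direct dependency fixes the transitive violation, the remedy is a policy exception or a different direct dependency, not a silent pass.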
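Slide 14 builds the Exemplar/Laggard classes from mean time to update (MTTU), stale dependency count and team size, without giving the computation. The block below is an added example of how those two inputs can be computed from a project's dependency update history; the thresholds are assumptions chosen for illustration and are not Sonatype's model. `UPSTREAM`, `PROMPT_PROJECT` and `SLOW_PROJECT` are constructed sample data.

```python
"""Hygiene rating from a project's dependency update history (added example)."""
from datetime import date
from statistics import mean
from typing import Dict, List, Optional, Tuple

# Constructed upstream release dates per package and version.
UPSTREAM: Dict[str, Dict[str, date]] = {
    "json-parse": {"2.0.0": date(2020, 1, 10), "2.1.0": date(2020, 4, 1), "2.2.0": date(2020, 9, 15)},
    "log-util":   {"1.1.0": date(2019, 11, 5), "1.2.0": date(2020, 6, 20)},
    "char-map":   {"0.9.0": date(2019, 8, 1),  "1.0.0": date(2020, 2, 14)},
}

# Constructed adoption histories: package -> [(version, date the project switched to it)].
PROMPT_PROJECT = {
    "json-parse": [("2.0.0", date(2020, 1, 20)), ("2.1.0", date(2020, 4, 15)), ("2.2.0", date(2020, 10, 1))],
    "log-util":   [("1.1.0", date(2020, 1, 20)), ("1.2.0", date(2020, 7, 1))],
    "char-map":   [("0.9.0", date(2020, 1, 20)), ("1.0.0", date(2020, 3, 1))],
}
SLOW_PROJECT = {
    "json-parse": [("2.0.0", date(2020, 1, 20))],
    "log-util":   [("1.1.0", date(2020, 1, 20)), ("1.2.0", date(2020, 11, 20))],
    "char-map":   [("0.9.0", date(2020, 1, 20))],
}
TODAY = date(2020, 11, 26)

# Assumed thresholds for illustration only (not Sonatype's classification model).
EXEMPLAR_MTTU_DAYS = 30
LAGGARD_MTTU_DAYS = 120
EXEMPLAR_STALE_FRACTION = 0.25
LAGGARD_STALE_FRACTION = 0.5
SMALL_TEAM_MAX_DEVS = 5


def time_to_update_days(adopted, upstream=UPSTREAM) -> List[int]:
    """Days from upstream release to adoption, for every upgrade after the initial adoption."""
    days = []
    for pkg, history in adopted.items():
        for version, adopted_on in history[1:]:
            days.append((adopted_on - upstream[pkg][version]).days)
    return days


def stale_dependencies(adopted, upstream=UPSTREAM, today=TODAY) -> List[str]:
    """Dependencies whose adopted version is not the newest upstream release as of today."""
    stale = []
    for pkg, history in adopted.items():
        released = [v for v, d in upstream[pkg].items() if d <= today]
        newest = max(released, key=lambda v: upstream[pkg][v])
        if history[-1][0] != newest:
            stale.append(pkg)
    return stale


def rate(adopted, team_size: int, upstream=UPSTREAM, today=TODAY) -> Tuple[str, Optional[float], int]:
    """Return (rating, MTTU in days or None if the project never upgraded, stale count)."""
    ttu = time_to_update_days(adopted, upstream)
    mttu = mean(ttu) if ttu else None
    stale = stale_dependencies(adopted, upstream, today)
    stale_fraction = len(stale) / len(adopted)
    if mttu is not None and mttu <= EXEMPLAR_MTTU_DAYS and stale_fraction <= EXEMPLAR_STALE_FRACTION:
        label = "Small Exemplar" if team_size <= SMALL_TEAM_MAX_DEVS else "Large Exemplar"
    elif (mttu is not None and mttu > LAGGARD_MTTU_DAYS) or stale_fraction >= LAGGARD_STALE_FRACTION:
        label = "Laggard"
    else:
        label = "Neutral"
    return label, mttu, len(stale)


if __name__ == "__main__":
    print("prompt project:", rate(PROMPT_PROJECT, team_size=2))
    print("slow project:  ", rate(SLOW_PROJECT, team_size=8))
```

MTTU is measured only over actual upgrades, so a project that pins everything and never upgrades has no MTTU at all; the stale count is what exposes it, which is why both inputs are needed rather than either alone.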
