Advanced Development Pack
for
26 November 2020
Putting Power Into the Hands of the Developers
The Market Shift
[Chart: Development vs. Security, 2015, 2020 and 2025; labelled values ~60%, ~40%, ~80%, ~20%]
We were historically successful selling here.
We are highly differentiated in this market.
Security acts as a gate for code deployment.
Empower the developers. Integrated and automated end-to-end quality.
(They have been historically ineffective at truly integrating into development.)
Making Developers’ Lives Easier
CHOOSE THE BEST COMPONENTS
Smarter component selection with our new Exemplar ratings for OSS projects.
AVOID SUSPICIOUS PACKAGES
Decrease the risk of a security breach or defective code by blocking potentially malicious and harmful OSS releases from entering production environments.
KNOW WHAT WILL BREAK
Fewer breaking changes and policy violations with simple OSS upgrades and insight into level of effort between version migrations.
FIX DEPENDENCIES FASTER
Improved dependency management with single-click upgrades and guidance on when to upgrade a dependency and why.
Benefits
● Less rework and maintenance due to higher-quality “pool” of components and contextual understanding of what fits organizational requirements.
● Improved Project Quality with early warning of suspicious behavior in code and access to components from the best suppliers.
● Increased Bandwidth and Time to Innovate due to reduction in time spent researching quality OSS components.
● Decreased “Level of Effort” when upgrading to the next best OSS component with our recommendations and single-click migrations.
What’s in the Pack?
Capability Overview
Transitive Solver
Gives a recommended version for the direct dependency which also resolves the transitive dependency without violating policy or breaking builds.
Breaking Changes
Provides teams with data on “what” will break and how much effort it will take to upgrade between current and newer versions.
Component Chooser
Enables development teams to select the highest-quality OSS components for their projects. They can search and compare components based on hygiene ratings (exemplar, laggard, neutral), view additional component insights, and see what’s already being used/approved within their organization.
Release Integrity
Enhances Nexus Firewall’s capabilities to automatically detect and block suspicious and potentially malicious OSS components before they enter the development environment.
Fix Faster
We’ll suggest the best ways to resolve problems more effectively when they come up.
Develop Seamlessly
Make better decisions about components being used in the applications.
Showing You Only the Best OSS Components
Health & Hygiene Data
Ratings include:
● Exemplar
● Neutral
● Laggard
Select the best quality components based on component cleanliness, committer behavior, etc.
Easily compare the viability of different components based on their rating.
Release Integrity
Release Integrity with Firewall.
Early warning and identification of next-gen software supply chain attacks (currently npm only).
Avoid threats like typosquatting and malicious code injection.
Component risk score to assess level of risk you could take on by choosing that component.
Breaking Changes Intelligence
Prioritize component upgrades by development effort.
Pinpoint simple upgrades and assess upgrade challenges.
Quickly find the best version upgrade without “breaking” the project.
Transitive Solver
Comprehensive view into your open source risk profile.
Easily solve for direct and transitive dependency violations without failing builds or violating policies.
One-click remediation and improved prioritization.
Supporting Slides
Putting Power Into the Hands of the Developers
[Chart: Development vs. Security sponsor share by year]
2015: Dev Sponsor ~10%, Security Sponsor ~90%
2020: Dev Sponsor ~40%, Security Sponsor ~60%
2025: Dev Sponsor ~80%, Security Sponsor ~20%
The Market Shift
Security acts as a gate for code deployment.
Empower the developers. Integrated and automated end-to-end quality.
We were historically successful selling here.
We are highly differentiated in this market.
(They have been historically ineffective at truly integrating into development.)
What Makes a Project Exemplary?
Constructing the Data Set
Small Exemplar
Small development teams (1.6 devs), exemplary MTTU, likely to be commercially supported and 4.3x more popular.
Large Exemplar
Large development teams (8.3 devs), exemplary MTTU, likely to be foundation supported, 2.5x more popular.
Laggard
Poor MTTU, high stale dependency count, more likely to be commercially supported.
Features First
Frequent releases, but poor TTU. Still reasonably popular.
Cautious
Good TTU, but seldom completely up to date.
INAIL and cybersecurity culture: Sonatype Advanced Development Pack
