Founded: 2005
Where we are: via Po, 1 – Torino; via del Poggio Laurentino, 118 – Roma
“Our commitment is the constant search for the best solution for the customer, guaranteeing excellence in the quality of the services and products we offer. Our promise is to do our work with constancy and passion”
DevOps IoT
Testing
ALM
SOA Business Intelligence
Security
Compliance Management
University
ALM+PLM
traceability
standard compliance
BRMS
BI
User Experience SS4B Enterprise Mobility
agile
IoD
BPM
Open Source
API Usability
Webinar agenda: “The software supply chain under X-ray: data, principles and best practices to accelerate innovation”
• The use and state of software components
• The principles of the software supply chain
• Technical Insights
• Q&A
The software supply chain under X-ray: data, principles and best practices to accelerate innovation
“Open source underpins all of our mission critical applications. Therefore, we must
ensure that we are using the highest quality components at every stage of the
development cycle.”
Don Duet, Co-head of Technology
Goldman Sachs
229,898 downloads
orders
5,275 components - all versions
parts
2,071 components
suppliers
Analysis of 3,000
organizations
Warehouses Manufacturers Finished Goods
6.1% component downloads are vulnerable
5.6% components in repository managers are vulnerable
6.8% components in applications are vulnerable
NEWER COMPONENTS MAKE BETTER SOFTWARE
Analysis of components in 25,000 applications scans
[Chart: COMPONENTS BY YEAR and DEFECT DENSITY, plotted against Component Age in Years (1 to 11)]
3X HIGHER DEFECT DENSITY
OLDER COMPONENTS DIE OFF
Analysis of components in 25,000 applications scans
[Chart: INACTIVE PROJECTS (% on latest version), plotted against Component Age in Years (1 to 11)]
Nexus Firewall: Protecting from external vulnerabilities
Check the status of your code
Detect and apply known safe fixes on your components
Monitor vulnerability and exposure of your repositories
books.sonatype.com
Application security: Set your own security level
Take control of your organization • Applications • Policies
Secure licenses • Age • License • Actions
Analytics • Vulnerabilities • Licenses • Custom policies
Nexus Procurement Suite: Enforce repositories
Procured Release - Open to developers - Controlled staging
Procured Development - Filtered repositories for developers
$7.42M: Estimated cost to remediate 10% of defects across 2000 applications.
www.sonatype.com/calculator
Content available on:
Emerasoft SlideShare channel, Emerasoft YouTube channel. Visit our site: emerasoft.com
WHAT’S NEXT
Contact us: sales@emerasoft.com Email: federico.pagnozzi@emerasoft.com Q&A?
Follow our channels …
www.emerasoft.com [email protected]
Emerasoft Srl via Po, 1 – 10124 Torino via del Poggio Laurentino, 118 – 00144 Roma T +39 011 0120370 T +39 06 87811323 F +39 011 3710371
Thank you…
Contacts