Sonatype’s New Nexus Lifecycle Helps Teams Migrate Open Source Libraries
Sonatype Lifecycle

For a variety of reasons, a lot of companies are moving to an Agile, DevOps Culture, Continuous Integration and Delivery/Deployment (CI/CD) model. These transformations rely on a variety of tools, including open source. A lot of organizations also use open source tools and libraries to develop their applications and in order to ensure security, these […]

Read more
Hippocratic Oath of Software: Don’t Make It Worse!

Some of you may be familiar with the Hippocratic Oath common in the medical field, often paraphrased as “Do no harm.” In a light-hearted casual conversation with a colleague the other day, I realized that we need a similar oath in the field of software development: “Don’t make it worse.”

Read more
Building Development Environment

This is a two part post where I will show you how to setup development environment locally. We will start with Vagrant and Virtual Box and their initial setup. Then we will jump into multi-machine setup and provisioning using Puppet. You will also see how Database and WebApp VMs can work together. Vagrant and Virtual […]

Read more
Run Headless Selenium Tests From Jenkins

In a previous blog I went over how to set up headless tests on a centos machine; in this blog, I will be going over how to introduce this machine into a continuous integration environment via Jenkins. The first thing that we need to do is install the Xvfb plugin on the Jenkins instance, which […]

Read more
Introduction To Git-svn

Subversion or SVN is a version control system that has been around for over 15 years and was the industry standard before the arrival of Git. Although Git is far superior to SVN, a lot of places are still tied to SVN for any number of reasons. I was exposed to and worked with only […]

Read more
Maven POM Lint Plugin

I am a big fan of static analysis and formatting tools. I just like my code to be as clean as possible. At the very least, being clean makes the code easier to read and maintain. If I can find a tool that will make it easy for me to keep my code clean, I’ll […]

Read more
What Not To Do With Password Management

As one of our resident security guys, I thought I might write up a quick guide about what not to do with password management.  As long as you build a website or web service, at some point you’re most likely going to have to store a password.  Unfortunately for many developers out there (in organizations […]

Read more
Using Components with Known Vulnerabilities

One of the items on the 2013 OWASP Top Ten is “Using Components with Known Vulnerabilities.” It is new on this year’s list, debuting at number 9. OWASP lists at as being widespread and difficult to detect. The issue is that modern software is made up of dozens, if not hundreds, of third-party components. Even […]

Read more for Email Testing

Testing applications and web sites that send email can be difficult. During testing you might generate many email notifications and you don’t want to flood a real mailbox. Or you might not want email from a development system being confused for production email. And especially when using production data during development, you might want to […]

Read more
SecureCI: Enforce Formatting On Your SVN Comments

Most of us like things done the right way and (more often than not) our way. Nothing can be more infuriating than looking through poorly documented logs or code, and trying to understand poor documentation and what it was meant to get across. During development we often look to setting up good coding practices that […]

Read more