December 2023 Learn Package - Our Favorite Things

Happy holidays from the Sonatype Customer Education team! As we wrap up the year, we’re taking the month of December to highlight a few of our favorite things (I promise, there’s no singing). Some of these are throwbacks, but for various reasons, we love them, and we hope you do, too. Read on to see what made our list:

@mfreeland Video: Have you Heard about Innersource Insights?

  • Innersource Insights is an amazing feature of Sonatype Lifecycle that allows you to identify your internally developed and proprietary software components during an application scan. It’s a cool feature that could save teams tons of work. The video has a quick demo with npm to show it off. I highly recommend checking it out.

@egann Video: Have You Heard Video on Docker Subdomain Connector?

  • Sonatype’s Docker Subdomain Connector is important to Sonatype Nexus Repository customers, particularly those in administrator roles, because it enables them to access Docker repository content without port connectors. That’s huge since many of our customers oversee hundreds or even thousands of repositories. It reduces the previous tedium associated with managing ports, plus it’s great for scalability.
  • This video is my favorite because it was my first contribution to our “Have You Heard?” video series. It was also my most challenging content to create because, up to this point, I knew absolutely nothing about Docker or what customers previously had to do to connect their Docker repositories. I had to teach myself and seek out the experts to inform the video script.

@dfletcher Sonatype Learn: Asset Library

  • The Asset Library - launched in September - was an effort to better represent all of the content developed by the CE team. IMHO, this was the most recent big step in better aligning customer learners with relevant content.
  • It was a bit of a bear, especially in our current system, but I’m sure that the centralization of content has helped someone. I wouldn’t expect to see rave reviews on a thing many expect, but we weren’t offering this sort of view to content previously.

@jzora Video: Have you Heard about SAGE?

  • Air-gapped environments are complex and come with restrictions, but regulatory requirements mean they’re here to stay! Being disconnected doesn’t mean you’re immune to supply chain issues or component risk, though. In some ways, air-gapped environments are even more sensitive to these issues.
  • This video is a quick, light overview of SAGE, just to show that Sonatype delivers best-in-class software supply chain protection to air-gapped environments – no jerry-rigging, workarounds, or guessing required.

@kelseyh Sonatype Learn: Ask Sloan Advice Articles

  • Our collection of Ask Sloan Advice Articles covers a wide variety of topics in an approachable way and a creative format. If you ever need a quick, high-level primer on a technical topic with additional resources where you can learn more, Sloan has you covered!

@dwallace Video: Scanning an Application

  • Software engineers always have to be aware of the health of their software components. Scanning is the first step! This video demonstrates the preliminary actions to get a baseline assessment of your applications. You’ll get familiar with the procedures to scan a WebGoat test project and generate a report — with a bill of materials — to help you identify potential risks. Ultimately, “Scan an Application” is a crucial lesson on threat detection with Sonatype Lifecycle.

@bstrozewski Guide: The Definitive Guide to Developer Adoption

  • I had absolutely nothing to do with this guide, but it’s one of my favorite resources (thank you CE team). This comprehensive resource walks you through ways to help your developers adopt the processes, techniques, and tools you provide for securing your software supply chain.
  • As you’ll see, it’s a journey, and not exactly short. To help you along, the guide is structured in a crawl/walk/run/sprint model and provides key action items for each stage. You’ll notice that lots of the action items are about communicating—and that’s not a coincidence.