Senior Cyber Security Architect and Engineer at Microsoft
Real User
2021-03-18T14:23:00Z
Mar 18, 2021
You should have some knowledge of Linux before implementing it, because to set up the rsync and to make sure your data is being replicated and that it's HA, you need to know Linux.

We took a look at the demo of Nexus Container and, although I haven't used it hands-on so I cannot say too much about it, it looks like a freaking awesome product. We are in the process of evaluating it and may do a PoC. It looks like it's easy to use, easy to integrate, and does not require a lot of RAM or storage. You can install it on existing Kubernetes clusters, so there's not a lot of infrastructure needed. Using it, I expect we'll find out if the images that we're downloading for the containers are secure or not. It's definitely worth taking a look at it.

Default policies are never really a good idea, anywhere. You need to adjust them based on your environment's needs. When we deployed Sonatype, the policies were not automatically configured so that if a packet is malicious it would block it. You need to manually set those up. But their policy engine provided the flexibility that we need. It was really a quick, easy setup.

The biggest lesson I've learned from using Sonatype is that open source security is very important and it's getting crazy these days, because there's so much hacking and so many breaches going on, so much vulnerability. Even Microsoft code and some of the packages in PyPI are not secure. You trust a repository like Microsoft or PyPI, but there are still some vulnerabilities out there. That is why it was so important for Sonatype to be implemented in our environment.
Application security is a significant challenge for software engineers, as well as for security and DevOps professionals. It comprises the measures taken to improve the security of online services and websites against malicious attacks by finding, repairing, and preventing security weaknesses and vulnerabilities.
I would rate the solution an eight out of ten.