About the Conference
Elevate, a Sonatype user event is a free, live, and online conference available to DevSecOps practitioners and managers interested in understanding how repository managers and automated governance function as part of a DevOps pipeline. On June 17, 2021 we held our 4th-annual user conference with 30+ sessions and workshops. The Sonatype Nexus platform offers customers full-spectrum control of the cloud-native software development lifecycle including: first-party source code, third-party open source code, infrastructure as code, and containerized code. In June 2021 we brought together our engineering team, a robust ecosystem of partners, and our practitioner community of over 10 million developers to feature topics and content covering all aspects of Nexus Lifecycle, Nexus Firewall, and Nexus Repository and its ecosystem. Sessions are suitable for all levels of Nexus practitioners, DevOps leaders, and C-level executives.
What to Expect
Show & Tell
Our engineering and customer success teams will reveal new features, share implementation best practices, and deliver live demos of our full-spectrum coverage of the software development life cycle including our free developer tools. Sessions will give Sonatype engineers a chance to show off the cool and innovative things they've built to make your job easier.
Insights & Best Practices
Learn from other users who have improved their time to identify and remediate risky components by 70%, reduced their window of exposure by 75%, saved four hours of rework per week per developer, and standardized on Nexus Repository for all of their build artifacts.
There are no velvet ropes to block you from conversations with anyone at our conference. It's open, accessible, and free. We encourage discussions through our community and will facilitate open-space conversations throughout the conference. Connect directly with our product teams to get all your questions answered and learn about everything Sonatype has to offer!
Full-Spectrum Software Supply Chain Management
Brian Fox, Sonatype CTO
Sonatype unveils the next-generation Nexus platform offering developers and security experts full-spectrum control of the cloud-native SDLC delivering open source dependency management, source code analysis, and infrastructure and container governance.
The Developer Experience Gap and Enterprise Velocity
Stephen O'Grady, RedMonk
As enterprise look to move more and more quickly, one of the biggest challenges they face is improving the velocity at which they can release software. Initially, the solution was thought to be fleets of specialized tools and services, but this led to a fragmented experience that left developers with the burden of building and maintaining ever more complicated toolchains. By focusing on improving this and improving the overall Developer Experience, developers get to focus on writing code and the enterprises they work for get to accelerate their time to delivery.
SBOM — From the Idea of Transparency to the Reality of Code
Allan Friedman, NTIA
The idea that we should know what is in our code isn’t new. Yet a “Software Bill Of Materials” is just emerging as an obvious and essential part of our software assurance and supply chain security process. This talk will review the idea of a ‘list of ingredients’ for software, highlight the global consensus around the concept and the standards we have to represent the data for automation, and summarize the types of tools available to make sure that SBOM generation and consumption can be one of the easier parts of our DevSecOps toolkit.
Sustainable Software Supply Chain Risk Management for the Modern Enterprise
Chenxi Wang, Founder & General Partner Rain Capital
Third-party software components are used liberally in today's modern development shops, introducing security and compliance risks. As supply chain risks emerge as a priority, managing software supply chains has become a top appsec initiative. In this talk, we look at the example of a fast growing startup and how they manage software supply chain risk within the context of extensive DevOps and stringent speed-to-market requirements.
Code Quality Analysis
Find critical bugs in your code, with the click of a button! Built for developers in GitHub, GitLab, and BitBucket, discover how dev teams can catch a broad range of quality, performance reliability, and security errors when they’re easiest to fix — during code review.
As part of Sonatype’s unwavering commitment to the open source and developer communities, learn how Sonatype brings peers and product experts together to share best practices and stay in the know on all the great OSS services provided to the Sonatype community.
Kubernetes-native, full life cycle container security providing continuous visibility into image vulnerabilities and compliance misconfigurations from build to production with automated behavior-based security policies.
Learn how developers can find and easily fix misconfigurations in Terraform plans before they are applied to production infrastructure ensuring continuous Infrastructure as Code (IaC) compliance and policy sets in production environments.
Embracing all the benefits of open source and DevSecOps, learn how Sonatype delivers an integrated dependency management platform with advanced component intelligence to enforce open source policy and eliminate risk across every phase of your SDLC.
Enable your teams to innovate and deliver solutions faster to market with universal package management for all your team’s build artifacts, container images, and Helm charts.
Sonatype is Hiring!
We are 400+ employees from more than 50 countries. But, we all share one thing in common: we’re passionate about accelerating software innovation. Come join our team!