Artifact Repository

For a financial services firm, the importance of hosting an artifact repository manager such as JFrog Artifactory or Sonatype's Nexus inside the firm's firewall cannot be overstated.

These tools serve as critical components in the firm's software development lifecycle, enabling secure, efficient management and storage of binary artifacts, third-party dependencies, and build outputs.

By situating these repositories internally, the firm significantly enhances its cybersecurity posture.

Having an internal repository:

  • Accelerates development workflows - the repository acts as a local cache for dependencies.
  • Reduces external dependencies - code can be built entirely within the firm's network.
  • Minimizes downtime - developers are not relying on third-party infrastructure such as npmjs.com or Maven Central.

Using Open Source Software

Using open source software within a financial services organisation poses unique challenges. This article outlines some of the potential pitfalls and solutions when getting started.

Software Inventory

Software inventory is a precondition to most of the activities involved in OSMM level 2. The first step to licence compliance or supply chain security is to understand what software is in your estate.

Open Source Supply Chain Security

In this article we are going to look at the growing issue of software supply chain attacks via some examples and then look at the emerging field of open source supply chain security: what it is, current best practices, the institutional landscape and emerging legislation.