Brian Fox | Devoxx

Brian Fox
Brian Fox Twitter

From Sonatype

Brian is Chief Technical Officer at Sonatype. He has extensive open source experience as a member of the Apache Software Foundation and former Chair of the Apache Maven project. Brian was a direct contributor to the Maven ecosystem, including the maven-dependency-plugin and maven-enforcer-plugin. He has over 15 years of experience driving the vision behind, as well as developing and leading the development of software for organizations ranging from startups to large enterprises. Brian is a frequent speaker at national and regional events including Java User Groups and other development related conferences.

java Java, JVM, Javas SE/EE

BOF Apache Maven

BOF (Bird of a Feather)

Apache Maven 3.5.0, Jigsaw, POM model v5, ... Apache Maven ne se repose pas sur ses lauriers. Il continue d'évoluer tout en restant complètement indépendant de toute entreprise et des enjeux commerciaux.

Venez discuter avec différents membres de l’équipe mais aussi les contributeurs et acteurs du projet pour partager votre point de vue, vos douleurs, vos envies d’évolutions, pour qu’Apache Maven continue au quotidien à vous rendre service, à vous rendre plus productif.

agTest DevOps, Agilité, Méthodologie & Tests

DevSecOps - Security at Devops speed with EDF


Software development is pressed for faster and faster release cycles with acceptable quality, budget and security. As movements like CI, CD and Devops aim to cut down on release cycles, it's security's job to help control the risk. The risk landscape is complex as modern development practices increasingly consume more and more third party code. Traditional methods do not cut it anymore - it's time for DevSecOps.

Oliver Routier from EDF will show how EDF successfully implemented DevSecOps practices in an Enterprise environment in order to accelerate the choice of framework versions and enhance deployment quality.

Brian Fox from Sonatype will give an overview of how other companies have implemented DevSecOps practices in their own delivery pipelines and how this can help increase developer awareness of risks affecting them. He'll walk an example CICD Pipeline and explore how security has been embedded as a part of it, how the movement is shaping up and how standards are starting to follow suite.

TBA : To be announced / Salle non affectée