Mastering SBOMs: Demonstrations

By Keiana King on February 20, 2024 Development strategy

3 minute read time

Sonatype's webinar highlighted real-world applications of software bills of materials (SBOMs) and provided uses cases for SBOM optimization
Read More...

How DevOps evolved into DevSecOps: Embracing security in software development

By Aaron Linskens on February 09, 2024 devsecops

3 minute read time

Understand how DevOps and DevSecOps are crucial to optimize software development and ensure security is not an afterthought in an SDLC.
Read More...

Mastering SBOMs: Best practices

By Keiana King on February 06, 2024 Development strategy

2 minute read time

Check out Sonatype's recent webinar that sheds light on the importance of software bills of materials (SBOMs) in software development.
Read More...

Exploited Ivanti Connect SSRF vulnerability traced back to 'xmltooling' OSS library

By Ax Sharma on February 05, 2024 vulnerability

5 minute read time

It might be a little known fact that one of the high severity zero-days found in Ivanti devices is actually present in an open source component that the company has deployed in its products. Ivanti's
Read More...

DevSecOps maturity model: A beginner's guide

By Aaron Linskens on January 26, 2024 devsecops

6 minute read time

Explore the concept of a maturity model within the context of DevSecOps which serves as a guide to fortify security practices within software development.
Read More...

npm flooded with 748 packages that store movies

By Ax Sharma on January 25, 2024 vulnerabilities

4 minute read time

The Sonatype Security Research team came across 748 packages flooding the npm software registry.
Read More...

Fake 'distube-config' npm package drops Windows info-stealing malware

By Ax Sharma on January 24, 2024 vulnerabilities

3 minute read time

Sonatype identified two npm packages that typosquat open source packages like Discord modules, in an attempt to infect Windows users with a Trojan
Read More...

What is the OWASP Top 10?

By Aaron Linskens on January 12, 2024 vulnerabilities

7 minute read time

Discover the significance of OWASP in cybersecurity – What is OWASP and why it is vital for developers and organizations? Dive deeper with Sonatype.
Read More...

DevSecOps tools: A beginner's guide

By Aaron Linskens on January 05, 2024 Open Source

6 minute read time

Explore categories of DevSecOps tools and their distinct use cases and roles in reshaping modern software development practices
Read More...