OpenSSF responds to CISA, advocates for a multifaceted approach to software identification

By Aaron Linskens on December 18, 2023 government

5 minute read time

OpenSSF published a response to CISA's request for comment on their white paper about software identification

CVE-2023-50164: Another vulnerability in the widely used Apache Struts2 component

By Jeff Wayman on December 14, 2023 vulnerabilities

6 minute read time

The recent identification of CVE-2023-50164 in Apache Struts is quite similar to other vulnerabilities Sonatype has seen and covered in the past.

Decrypting the Ledger connect-kit compromise: A deep dive into the crypto drainer attack

By Ilkka Turunen on December 14, 2023 vulnerabilities

3 minute read time

Sonatype covers how Ledger, a maker of hardware wallets for storing crypto, identified malicious software embedded in one of their open source packages

The Top 5 trends every DevOps leader needs to know for 2024

By Aaron Linskens on December 07, 2023 Development strategy

3 minute read time

Five key predictions shaping the future of software development with insights to empower DevOps leads in navigating the evolving development landscape

The Top 5 trends every CISO needs to know for 2024

By Nicole Lavella on December 07, 2023 CISO

3 minute read time

Five key predictions shaping the future of software development with insights to empower CISOs in navigating the evolving development landscape

What goes great with SLSA? Sonatype.

By Jeff Wayman on December 06, 2023 Software Supply Chain

6 minute read time

Learn about seamless compatibility between SLSA and Sonatype products, highlighting the powerful synergy that can enhance your software security efforts

How can SLSA help secure your software supply chain?

By Jeff Wayman on December 05, 2023 Software Supply Chain

5 minute read time

Learn how Supply-chain Levels for Software Artifacts (SLSA) can help secure your software supply chain and provide a safer software development environment

DevSecOps: A beginner's guide

By Aaron Linskens on December 04, 2023 shift left

6 minute read time

Explore the fundamentals of DevSecOps, its principles, practices, and the shift it represents in security within the software development life cycle

The history of Maven Central and Sonatype: A journey from past to present

By Aaron Linskens on November 14, 2023 Software Supply Chain

11 minute read time

Explore the evolution of Maven Central, highlighting its crucial role in the Java ecosystem and software development overall and its connection to Sonatype