Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

Struts2 CVE-2023-50164 by the numbers

By Ilkka Turunen on December 19, 2023 vulnerability disclosure

5 minute read time

Struts2 security vulnerability is not like Log4j, but it is similar to historic breaches and has the potential for disaster if not addressed properly.

Read More...

OpenSSF responds to CISA, advocates for a multifaceted approach to software identification

By Aaron Linskens on December 18, 2023 government

5 minute read time

OpenSSF published a response to CISA's request for comment on their white paper about software identification

Read More...

CVE-2023-50164: Another vulnerability in the widely used Apache Struts2 component

By Jeff Wayman on December 14, 2023 vulnerabilities

6 minute read time

The recent identification of CVE-2023-50164 in Apache Struts is quite similar to other vulnerabilities Sonatype has seen and covered in the past.

Read More...

Decrypting the Ledger connect-kit compromise: A deep dive into the crypto drainer attack

By Ilkka Turunen on December 14, 2023 vulnerabilities

3 minute read time

Sonatype covers how Ledger, a maker of hardware wallets for storing crypto, identified malicious software embedded in one of their open source packages

Read More...

The Top 5 trends every DevOps leader needs to know for 2024

By Aaron Linskens on December 07, 2023 Development strategy

3 minute read time

Five key predictions shaping the future of software development with insights to empower DevOps leads in navigating the evolving development landscape

Read More...

The Top 5 trends every CISO needs to know for 2024

By Nicole Lavella on December 07, 2023 CISO

3 minute read time

Five key predictions shaping the future of software development with insights to empower CISOs in navigating the evolving development landscape

Read More...

What goes great with SLSA? Sonatype.

By Jeff Wayman on December 06, 2023 Software Supply Chain

6 minute read time

Learn about seamless compatibility between SLSA and Sonatype products, highlighting the powerful synergy that can enhance your software security efforts

Read More...

How can SLSA help secure your software supply chain?

By Jeff Wayman on December 05, 2023 Software Supply Chain

5 minute read time

Learn how Supply-chain Levels for Software Artifacts (SLSA) can help secure your software supply chain and provide a safer software development environment

Read More...

DevSecOps: A beginner's guide

By Aaron Linskens on December 04, 2023 shift left

6 minute read time

Explore the fundamentals of DevSecOps, its principles, practices, and the shift it represents in security within the software development life cycle

Read More...

Previous Next

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

Struts2 CVE-2023-50164 by the numbers

OpenSSF responds to CISA, advocates for a multifaceted approach to software identification

CVE-2023-50164: Another vulnerability in the widely used Apache Struts2 component

Decrypting the Ledger connect-kit compromise: A deep dive into the crypto drainer attack

The Top 5 trends every DevOps leader needs to know for 2024

The Top 5 trends every CISO needs to know for 2024

What goes great with SLSA? Sonatype.

How can SLSA help secure your software supply chain?

DevSecOps: A beginner's guide

Secure your software supply chain

Subscribe for all the latest software security news and events