Featured Article

CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma

By Ilkka Turunen on April 01, 2024 Software Supply Chain

Learn about a new, targeted backdoor supply chain attack against the popular XZ compression utility seen in many Linux distributions such as fedora and debian. Understand its impact, potential risks

Read More

How the SEC charges against SolarWinds highlight the cybersecurity liability of software companies

By Jeff Wayman on October 31, 2023 Cybersecurity

5 minute read time

Read about how the Securities and Exchange Commission charged SolarWinds and its chief information security officer for violating federal securities laws

Read More...

Software dependencies: A beginner's guide

By Aaron Linskens on October 27, 2023 Software Supply Chain

5 minute read time

Explore software dependencies, their two main categories of direct and transitive, and find out how to manage software dependencies at scale

Read More...

Dependency mapping: A beginner's guide

By Aaron Linskens on October 20, 2023 vulnerabilities

8 minute read time

Explore dependency mapping, what it is, the benefits of mapping dependencies, and some tools that make the process easier.

Read More...

Open source risk management: Safeguarding software integrity

By Aaron Linskens on October 13, 2023 secure software supply chain

6 minute read time

Explore open source risk management as the identification and mitigation of security, compliance, and operational risks with using open source software

Read More...

How manufacturing best practices can improve open source consumption and software supply chains

By Jeff Wayman on October 12, 2023 thought leaders

5 minute read time

Explore Sonatype's research paper developed in partnership with the Atlantic Council on software supply chain best practices for open source consumption

Read More...

Top 10 open source projects hit by HTTP/2 'Rapid Reset' zero-day

By Ax Sharma on October 12, 2023 vulnerability

3 minute read time

Discover ten open source packages affected by the HTTP/2 Rapid Reset vulnerability, disclosed by Cloudflare this week

Read More...

Introducing our 9th annual State of the Software Supply Chain report

By Aaron Linskens on October 03, 2023 open source security

5 minute read time

Sonatype announces the arrival of our 9th annual State of the Software Supply Chain report that explores open source security, industry trends, and more.

Read More...

SAST vs. DAST: Enhancing application security

By Aaron Linskens on September 21, 2023 DAST

7 minute read time

Explore advantages and limits of static application security testing SAST and dynamic application security testing DAST in application security

Read More...

npm packages caught exfiltrating Kubernetes config, SSH keys

By Ax Sharma on September 19, 2023 npm

4 minute read time

Sonatype tracks an ongoing campaign that uses npm packages to retrieve and exfiltrate Kubernetes configuration and SSH keys to an external server

Read More...

Previous Next

CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma

How the SEC charges against SolarWinds highlight the cybersecurity liability of software companies

Software dependencies: A beginner's guide

Dependency mapping: A beginner's guide

Open source risk management: Safeguarding software integrity

How manufacturing best practices can improve open source consumption and software supply chains

Top 10 open source projects hit by HTTP/2 'Rapid Reset' zero-day

Introducing our 9th annual State of the Software Supply Chain report

SAST vs. DAST: Enhancing application security

npm packages caught exfiltrating Kubernetes config, SSH keys

Secure your software supply chain

Subscribe for all the latest software security news and events