Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

SHARE:

Sonatype_Blog_Logo_White
READ MORE

SCA and SAST: What do they do and how can they help developers like you?

By Theresa Mammarella on January 03, 2023 AppSec

5 minute read time

SCA and SAST tools help DevSecOps teams and application developers work together to identify vulnerabilities and improve security.
Read More...
READ MORE

How does developer morale affect my software supply chain?

By Luke Mcbride on January 03, 2023 survey

4 minute read time

Your place in the software supply chain has a lot to do with your development staff. A look at Sonatype data on developer state-of-mind and performance.
Read More...
AI generated image of two purple robots fighting against the background of blue and purple fire
READ MORE

PGP vs. sigstore: A recap of the match at Maven Central

7 minute read time

We put code-signing tools PGP and sigstore in a head-to-head match with Maven Central users to find a winner. The results may surprise you.
Read More...
Bride at her computer in front of multiple screens
READ MORE

What do Log4Shell and a global pandemic have in common?

By Theresa Mammarella on November 15, 2022 AppSec

4 minute read time

A look at development through the lens of weddings, including long-term planning, contingencies, and disasters. A video talk from this years DEVOXX.
Read More...
Stylistic image of many hands contributing puzzle peices
READ MORE

HID Global's three pillars of operational security

By Karin Althaus on June 15, 2022 Application Security

5 minute read time

The foundations of security at HID Global are a balanced set of tools, policies, and expertise. A look back at a DevSecOps Leadership Forums talks in Paris.
Read More...
Packages going through a supply chain
READ MORE

What constitutes a software supply chain attack?

By Ax Sharma on August 03, 2021 vulnerabilities

7 minute read time

ENISA feels the term software supply chain attack is overused, so what does constitute a supply chain attack?
Read More...
Image of various software icon elements
READ MORE

Effective tools for software composition analysis (SCA)

By IT Central Station on July 14, 2021 license risk

4 minute read time

Better developer tools for the software supply chain mean a faster, more effective team.
Read More...
READ MORE

Breaking organizational silos for better application security

By Phil Vuollet on July 08, 2021 AppSec

4 minute read time

Security depends on collaboration and communication. Our recent Elevate talk breaks down pillars, structure, and suggestions for organizational silos.
Read More...
image of notebook with checkmarks representing software bill of materials
READ MORE

SBOM – From the idea of transparency to the reality of code

4 minute read time

Allan Friedman from the NTIA has been working on SBOM standards in government and industry, for years. He spoke at ELEVATE 2021 about their status and future.
Read More...