Comparing and converting between SBOM formats

10 minute read time

A step-by-step guide on how to convert between SBOM formats using tooling from the official repositories of SPDX and CycloneDX.
Read More...

DevSecOps tools: A beginner's guide

By Aaron Linskens on January 05, 2024 Open Source

6 minute read time

Explore categories of DevSecOps tools and their distinct use cases and roles in reshaping modern software development practices
Read More...

'everything' matters — why the npm package sparked controversy

By Ax Sharma on January 04, 2024 npm

4 minute read time

An npm package sparked controversy after its publication. Understand what it does and how you can safeguard yourself against such packages.
Read More...

OpenSSF responds to CISA, advocates for a multifaceted approach to software identification

By Aaron Linskens on December 18, 2023 government

5 minute read time

OpenSSF published a response to CISA's request for comment on their white paper about software identification
Read More...

Dependency mapping: A beginner's guide

By Aaron Linskens on October 20, 2023 vulnerabilities

8 minute read time

Explore dependency mapping, what it is, the benefits of mapping dependencies, and some tools that make the process easier.
Read More...

A guide for open source software (OSS) security

6 minute read time

Evaluate open source software (OSS) security to ensure safe usage of software components in software development life cycles and software supply chains
Read More...

Malicious PyPI package ‘VMConnect’ imitates VMware vSphere connector module

By Ax Sharma on August 03, 2023 Open Source

3 minute read time

A malicious PyPI package ‘VMConnect’ designed to resemble VMware vSphere Connector Module was caught by Sonatype’s automated malware detection systems
Read More...

Cyber Resilience Act: The future of software in the European Union

6 minute read time

Discover what the EU Cyber Resilience Act entails and what the consequences might be for open source and software development overall
Read More...

A closer look: Differentiating software vulnerabilities and malware

By Aaron Linskens on July 11, 2023 vulnerabilities

7 minute read time

Vulnerabilities and malware in open source software pose significant threats to the security and integrity of your software supply chain
Read More...