Featured Article

Introducing our 9th annual State of the Software Supply Chain report

By Aaron Linskens on October 03, 2023 open source security

Sonatype announces the arrival of our 9th annual State of the Software Supply Chain report that explores open source security, industry trends, and more.

Read More

Introducing our 9th annual State of the Software Supply Chain report

By Aaron Linskens on October 03, 2023 open source security

5 minute read time

Sonatype announces the arrival of our 9th annual State of the Software Supply Chain report that explores open source security, industry trends, and more.

Read More...

SAST vs. DAST: Enhancing application security

By Aaron Linskens on September 21, 2023 DAST

7 minute read time

Explore advantages and limits of static application security testing SAST and dynamic application security testing DAST in application security

Read More...

npm packages caught exfiltrating Kubernetes config, SSH keys

By Ax Sharma on September 19, 2023 npm

4 minute read time

Sonatype tracks an ongoing campaign that uses npm packages to retrieve and exfiltrate Kubernetes configuration and SSH keys to an external server

Read More...

New npm PoC packages target PayPal Zettle, Airbnb developers

By Ax Sharma on September 12, 2023 npm

4 minute read time

Sonatype identified npm packages that exploit dependency confusion, named after internal dependencies purportedly used by PayPal Zettle and Airbnb

Read More...

Unlocking the power of generative AI in software development: Insights from Sonatype's survey

By Aaron Linskens on September 12, 2023 Software Supply Chain

4 minute read time

Explore the influence of generative AI in software development via the results of Sonatype's recent survey involving 400 DevOps and 400 SecOps leaders

Read More...

How to navigate DevOps principles: Analyzing Shift Left and Secure Right

By Aaron Linskens on September 06, 2023

5 minute read time

Explore Shift Left and Secure Right, what are their core principles to achieve high-quality, secure software and how they align with DevOps and DevSecOps

Read More...

A guide for open source software (OSS) security

By Aaron Linskens on August 28, 2023 secure software supply chain

6 minute read time

Evaluate open source software (OSS) security to ensure safe usage of software components in software development life cycles and software supply chains

Read More...

Enhancing software supply chain security: New Sonatype product capabilities

By Tara Flynn Condon on August 21, 2023 News and Views

3 minute read time

Sonatype announces the latest enhancements for Sonatype Repository Firewall, Sonatype Nexus Repository, and Sonatype Lifecycle.

Read More...

Malicious PyPI package ‘VMConnect’ imitates VMware vSphere connector module

By Ax Sharma on August 03, 2023 Open Source

3 minute read time

A malicious PyPI package ‘VMConnect’ designed to resemble VMware vSphere Connector Module was caught by Sonatype’s automated malware detection systems

Read More...

Introducing our 9th annual State of the Software Supply Chain report

Introducing our 9th annual State of the Software Supply Chain report

SAST vs. DAST: Enhancing application security

npm packages caught exfiltrating Kubernetes config, SSH keys

New npm PoC packages target PayPal Zettle, Airbnb developers

Unlocking the power of generative AI in software development: Insights from Sonatype's survey

How to navigate DevOps principles: Analyzing Shift Left and Secure Right

A guide for open source software (OSS) security

Enhancing software supply chain security: New Sonatype product capabilities

Malicious PyPI package ‘VMConnect’ imitates VMware vSphere connector module

Secure your software supply chain

Subscribe for all the latest software security news and events