Sonatype Unveils Full-Spectrum Software Supply Chain Management | Press Release

3-2-1, Lift off! It’s Time to Elevate Your Development with Sonatype Lift

By Kevin Miller on June 15, 2021 code quality
Sonatype Lift is a new, cloud-native platform that enables developers to find and fix performance, reliability, and security bugs during code review.

Open Source Attacks on the Rise: Top 8 Malicious Packages Found in npm

By Ax Sharma on June 08, 2021 featured
We're rounding up the top 8 malicious cyber attacks on npm that Sonatype has discovered with its next-gen open source security and malware detection tool.

Are You Still Wondering About Dependency Confusion Attacks?

By Luke Mcbride on June 03, 2021 featured
Despite positive legislation and standards, open source software supply chains remain vulnerable to Dependency Confusion attacks that impersonate legitimate namespaces.

UK Government to Step Up Supply Chain Security following US Presidential Executive Order on Cybersecurity

By Ax Sharma on May 21, 2021 featured
2021 is becoming the year of software supply chain security. In less than two weeks, both the US and UK governments made moves to step up their cybersecurity game.

Biden’s Cybersecurity Executive Order: Everything You Need to Know You Learned in Kindergarten

By Matt Howard on May 18, 2021 featured
Biden's Cybersecurity Executive Order, set to change secure development processes in the US, is actually quite simple to understand. You just have to go back to kindergarten.

What is Dependency Confusion and Why Does it Matter in the Federal Sector?

By Jason Nalewak on May 14, 2021 government
Developers in the federal space are not immune from dependency confusion attacks. Following Biden's Cybersecurity Executive Order, understanding the attack vector is even more crucial.

Biden Executive Order on Cybersecurity Calls for Enhanced Software Supply Chain Security

Biden's Cybersecurity Executive Order mandates software supply chain security and secure development practices, including creating a software bill of materials for all applications.

Slaying the Dragon of OSS Legal Compliance with the Advanced Legal Pack

By Dariush Griffin on May 04, 2021 Nexus Lifecycle
Open source can come with a plethora of legal obligations. Manual reviews can take hundreds of hours for 1 app. The Advanced Legal Pack automates that process, giving developers and legal teams their

Sonatype + Muse: How Improved Code Quality Complements Enterprise SAST

By Matt Howard on April 29, 2021 SAST
MuseDev, Sonatype's innovative code analysis platform, is highly complementary to enterprise SAST tools like Fortify that surface a wide breadth of deep security issues that Muse doesn’t provide.