
Sonatype Blog

Implementing DevSecOps with 1,162 Apps

By Derek Weeks on April 22, 2019 devsecops
True DevSecOps includes breaking builds when vulnerable open source is found. But, implementing that level of precision is not an easy task. Hiep Tran from Capital Group, shares the process they wen

From 0 to Accredited in 23 Days

By Derek Weeks on April 22, 2019 devops tools
DevSecOps in Government - What if there was a way to go from 0 to accredited in 23 days? Leonel Garciga, of the DoD's Joint Improvised Threat Defeat Organization, shares how.

Malicious Attacks On Open Source Are Going to Get Worse; Developers Need to Take Notice

By Sonal Thawani on April 19, 2019 vulnerability
Bad actors have recognized the power of open source and are now beginning to create their own attack opportunities. This new form of assault, allowing hackers to poison the well, is going to get

Operating Without an OSS License? That Could Be Dangerous!

By Derek Weeks on April 17, 2019 Nexus Lifecycle
The intent of OSS licensing is to make sure software can remain open source and freely used. But, some licenses contain requirements that could conflict with your business objectives - it's

Full Lifecycle Container Security

By Derek Weeks on April 17, 2019 devsecops
As containers become a greater part of the DevOps pipeline, securing them is top of mind. John Morello, Twistlock CTO, shared thoughts at the 2018 Nexus User Conference on how to secure them across

Deploying DevOps in Government - the Second Time is the Charm

By Derek Weeks on April 15, 2019 devsecops
Getting buy-in from a government agency to change anything is not an easy task. Mieke Deene walks us through the 6 challenges she overcame to convince the Dutch Government to adopt DevOps practices.

Sonatype Goes to CloudBees Days

By Janie Gelfond on April 12, 2019 devsecops
We're always excited to spend time with our friends at CloudBees - and participating in their CloudBees Days tour is no different.

Corrupting the Software Supply Chain: Lessons from the Bootstrap-sass Hack

By Elisa Velarde on April 09, 2019 vulnerability
The boldness of bad actors is escalating in the world of open source software. From the event-stream / NPM incident in November of 2018, to the recent bootstrap-sass / Ruby Gems hack, bad actors are

Software Composition Analysis: A Matter of Perspective (and Experience)

The SCA market is young - leaving everyone wrestling with a critical question: is it a security-centric, developer-centric, or a legal-centric endeavor? At Sonatype, we believe it's all of the above.