Sonatype Selected by Equifax to Support OS Governance Press Release

blog-logo Sonatype Blog

From Burping to Flying - Red Teaming with Nexus at Intuit

By Mark Henke on May 24, 2019 devsecops
Security is too important to leave out of DevOps. Learn why, and how to unite the two, from Shannon Lietz's 2018 Nexus User Conference session.
Read More...

The DevSecOps Equilibrium

By Derek Weeks on May 22, 2019 devsecops
Is their tension in your organization between sec, ops, and dev? In his All Day DevOps chat, Chris Corriere talks about finding the DevSecOps Equilibrium.
Read More...

GDPR One Year On: Increasing Demand for "Security By Design"

GDPR's influence is becoming more and more evident in software development. What comes next for teams in the EU and elsewhere as the policy turns 1?
Read More...

In the Dark about Software Supply Chain Vulnerabilities

By Matt Howard on May 16, 2019 vulnerability
The Barium attacks , revealed earlier this month, highlight new, pervasive tactics that are exceptionally dangerous.
Read More...

New with Nexus: Policy-Oriented Reporting with Lifecycle

By Sonal Thawani on May 10, 2019 Nexus Lifecycle
The new version our Application Composition Report now includes policy violations at the center of the report, allowing you to quickly identify and act on remediation opportunities.
Read More...

Say Hello to Our New GitLab Integration

By Sonal Thawani on May 08, 2019 devsecops
Nexus Lifecycle now integrates with GitLab CI, bringing precise open source intelligence to GitLab users.
Read More...

Using Webhooks to Integrate Nexus Lifecycle with Red Hat Quay - Part 2

By Curtis Yanko on May 07, 2019 Red Hat
How to add security to your CI/CD pipeline quickly with Nexus Lifecycle, Red Hat Quay, and Twistlock, all without disrupting ongoing development.
Read More...

Using Webhooks to Integrate Nexus Lifecycle with Red Hat Quay - Part 1

By Curtis Yanko on May 07, 2019 Red Hat
How to use Webhooks to integrate Red Hat's Quay into Sonatype's Nexus Lifecycle for devsecops and container security in Docker.
Read More...

Getting Started With Sonatype DepShield: An Introduction

By Casey Dunham on May 06, 2019 github
Sonatype’s GitHub application DepShield scans your GitHub repository and analyzes dependencies for known vulnerabilities. The best part is that it’s free!
Read More...