Sonatype Unveils Full-Spectrum Software Supply Chain Management | Press Release

This npm Package Could Have Brought Down Cloudflare’s Entire CDN and Millions of Websites

By Ax Sharma on July 16, 2021 vulnerabilities
Cloudflare has patched a critical vulnerability in its open source content delivery network, CDNJS, that threatened the security, integrity, and availability of the wider supply chain.
Read More...

What to Consider When Crafting Your OSS Policy

By Filipp Kofman on July 15, 2021 legal
Building a plan for using open source software in your company means less confusion and risk. A look at some of the necessities and ideals in handling freely available code.
Read More...

Effective Tools for Software Composition Analysis

By IT Central Station on July 14, 2021 Nexus Lifecycle
Better developer tools for the software supply chain mean a faster, more effective team. Sonatype customers share the tools that help them move faster and with less risk.
Read More...

Breaking Organizational Silos for Better Application Security

By Phil Vuollet on July 08, 2021 AppSec
Security depends on collaboration and communication. Our recent Elevate talk breaks down pillars, structure, and suggestions for organizational silos.
Read More...

Kaseya Ransomware: a Software Supply Chain Attack or Not?

By Matt Howard on July 06, 2021 vulnerabilities
As companies scramble to address and resolve this devastating attack, we look at what makes a supply chain and what it takes to address upstream attacks.
Read More...

Why High-Quality Data is Critical for Effective Software Composition Analysis

A secure software supply chain requires higher quality data. Sonatype customers share why its software compositional analysis intelligence means greater confidence that real vulnerabilities will be
Read More...

DevOps Made of Steel

By Phil Vuollet on June 29, 2021 Nexus Lifecycle
Security Analysts from U.S. Steel Corporation spoke at Sonatype's ELEVATE 2021, sharing their DevOps story and where Nexus Repository and Nexus Lifecycle fit into the journey.
Read More...

What Does NIST’s Definition of Critical Software Mean to You?

By Matt Howard on June 28, 2021 government
NIST's definition of Critical Software in relation to the 2021 Cybersecurity Executive Order may seem broad, but its immediate implementation is limited.
Read More...

How Does Securing the Software Supply Chain Fit the DoD CIO Zero Trust Architecture?

Curious how the DoD Zero Trust Architecture relates to secure development and protecting your software supply chain? We're breaking that down for you.
Read More...