Skip Navigation
Book a Demo
Book a Demo

Featured Article

Exploited Ivanti Connect SSRF vulnerability traced back to 'xmltooling' OSS library

By Ax Sharma on February 05, 2024 vulnerability

It might be a little known fact that one of the high severity zero-days found in Ivanti devices is actually present in an open source component that the company has deployed in its products. Ivanti's

Read More

SHARE:

Sonatype_Blog_Logo_White
READ MORE

How DevOps evolved into DevSecOps: Embracing security in software development

By Aaron Linskens on February 09, 2024 devsecops

3 minute read time

Understand how DevOps and DevSecOps are crucial to optimize software development and ensure security is not an afterthought in an SDLC.
Read More...
READ MORE

Mastering SBOMs: Best practices

By Keiana King on February 06, 2024 Development strategy

2 minute read time

Check out Sonatype's recent webinar that sheds light on the importance of software bills of materials (SBOMs) in software development.
Read More...
READ MORE

Exploited Ivanti Connect SSRF vulnerability traced back to 'xmltooling' OSS library

By Ax Sharma on February 05, 2024 vulnerability

5 minute read time

It might be a little known fact that one of the high severity zero-days found in Ivanti devices is actually present in an open source component that the company has deployed in its products. Ivanti's
Read More...
READ MORE

DevSecOps maturity model: A beginner's guide

By Aaron Linskens on January 26, 2024 devsecops

6 minute read time

Explore the concept of a maturity model within the context of DevSecOps which serves as a guide to fortify security practices within software development.
Read More...
READ MORE

npm flooded with 748 packages that store movies

By Ax Sharma on January 25, 2024 vulnerabilities

4 minute read time

The Sonatype Security Research team came across 748 packages flooding the npm software registry.
Read More...
READ MORE

Fake 'distube-config' npm package drops Windows info-stealing malware

By Ax Sharma on January 24, 2024 vulnerabilities

3 minute read time

Sonatype identified two npm packages that typosquat open source packages like Discord modules, in an attempt to infect Windows users with a Trojan
Read More...
READ MORE

What is the OWASP Top 10?

By Aaron Linskens on January 12, 2024 vulnerabilities

7 minute read time

Discover the significance of OWASP in cybersecurity – What is OWASP and why it is vital for developers and organizations? Dive deeper with Sonatype.
Read More...
READ MORE

DevSecOps tools: A beginner's guide

By Aaron Linskens on January 05, 2024 Open Source

6 minute read time

Explore categories of DevSecOps tools and their distinct use cases and roles in reshaping modern software development practices
Read More...
READ MORE

'everything' matters — why the npm package sparked controversy

By Ax Sharma on January 04, 2024 npm

4 minute read time

An npm package sparked controversy after its publication. Understand what it does and how you can safeguard yourself against such packages.
Read More...