Sonatype Unveils Full-Spectrum Software Supply Chain Management | Press Release

Cloud Security Concerns in 2021

By Kevin Miller on August 05, 2021 cloud
Cloud environments are growing in complexity, and challenging those responsible for keeping environments secure. We partnered with Fugue to uncover how cloud security professionals are handling the
Read More...

What Constitutes a Software Supply Chain Attack?

By Ax Sharma on August 03, 2021 vulnerabilities
ENISA feels the term software supply chain attack is overused, so what does constitute a supply chain attack?
Read More...

Javascript Scanning Now Supported In Jetbrains IDEs: Intellij IDEA, Webstorm, and More

By Kevin Miller on July 30, 2021 Nexus Lifecycle
The Sonatype Nexus platform now evaluates and analyzes Javascript/Node components directly in IntelliJ IDEA.
Read More...

This npm Package Could Have Brought Down Cloudflare’s Entire CDN and Millions of Websites

By Ax Sharma on July 16, 2021 vulnerabilities
Cloudflare has patched a critical vulnerability in its open source content delivery network, CDNJS, that threatened the security, integrity, and availability of the wider supply chain.
Read More...

What to Consider When Crafting Your OSS Policy

By Filipp Kofman on July 15, 2021 legal
Building a plan for using open source software in your company means less confusion and risk. A look at some of the necessities and ideals in handling freely available code.
Read More...

Effective Tools for Software Composition Analysis

By IT Central Station on July 14, 2021 Nexus Lifecycle
Better developer tools for the software supply chain mean a faster, more effective team. Sonatype customers share the tools that help them move faster and with less risk.
Read More...

Breaking Organizational Silos for Better Application Security

By Phil Vuollet on July 08, 2021 AppSec
Security depends on collaboration and communication. Our recent Elevate talk breaks down pillars, structure, and suggestions for organizational silos.
Read More...

Kaseya Ransomware: a Software Supply Chain Attack or Not?

By Matt Howard on July 06, 2021 vulnerabilities
As companies scramble to address and resolve this devastating attack, we look at what makes a supply chain and what it takes to address upstream attacks.
Read More...

Why High-Quality Data is Critical for Effective Software Composition Analysis

A secure software supply chain requires higher quality data. Sonatype customers share why its software compositional analysis intelligence means greater confidence that real vulnerabilities will be
Read More...