Sonatype Delivers Premium Open Source Controls to GitHub | Press Release

Sonatype Blog

Accelerating Productivity, Digital Value Streams, and DevSecOps During COVID-19

By Katie McCaskey on May 29, 2020 devsecops
In the pilot episode of DevOps and Drinks from IDC, Reuben Athaide from Standard Chartered Bank shares his views on how COVID-19 is changing DevSecOps.

Department of Homeland Security Cybersecurity: Top 10 Vulnerabilities Still Being Exploited

By April Downey on May 28, 2020 vulnerabilities
DHS CISA lists Apache Struts as a top vulnerability. Yet, evidence shows it is still being downloaded - on average, by 10,000 organizations a month.

"WTF is DevSecOps?"

By Elizabeth Kathure on May 27, 2020 devsecops
DevSecOps is a great idea. But it means security engineers, DevSecOps teams, and developers working together.

The OWASP ZAP HUD

By Omkar Hiremath on May 26, 2020 vulnerabilities
ZAP is an open-source web application scanner and OWASP flagship project. Use ZAP to find vulnerabilities. Security expert Simon Bennetts demonstrates.

DevSecOps Delivered: Nexus IQ Google Chrome Extension

By Amir Shahmiri on May 22, 2020 devsecops
See the Nexus IQ Google Chrome extension, a handy tool to research open source components in your browser.

Getting Your Security Program to Shift Left: Operationalizing Security Controls via DevSecOps

By Daniel Longest on May 21, 2020 shift left
Map the automation opportunities into your software development lifecycle as part of coordinated strategies to shift security left.

Cultural Approaches to Transformations

Marc Cluet has dedicated the last six years to helping organizations transform their culture and ways of working. Here are some of his observations.

Integrating Infrastructure as Code into a Continuous Delivery Pipeline

By Carlos Schults on May 19, 2020 Continuous Delivery
Infrastructure as code (IaC) takes coding techniques used by software systems and extends them to infrastructure. We cover those techniques.

SaltStack: 20 Breaches Within Four Days

By Derek Weeks on May 18, 2020 vulnerabilities
When a vulnerability is announced in an open source project, ask immediately: have we ever used that open source component, and (if yes) where is it?