Sonatype Blog

Malicious Attacks On Open Source Are Going to Get Worse; Developers Need to Take Notice

By Sonal Thawani on April 19, 2019 vulnerability
Bad actors have recognized the power of open source and are now beginning to create their own attack opportunities. This new form of assault, allowing hackers to poison the well, is going to get

Operating Without an OSS License? That Could Be Dangerous!

By Derek Weeks on April 17, 2019 Nexus Lifecycle
The intent of OSS licensing is to make sure software can remain open source and freely used. But some licenses contain requirements that could conflict with your business objectives - it's

Full Lifecycle Container Security

By Derek Weeks on April 17, 2019 devsecops
As containers become a greater part of the DevOps pipeline, securing them is top of mind. John Morello, Twistlock CTO, shared thoughts at the 2018 Nexus User Conference on how to secure them across

Deploying DevOps in Government - the Second Time is the Charm

By Derek Weeks on April 15, 2019 devsecops
Getting buy-in from a government agency to change anything is not an easy task. Mieke Deene walks us through the 6 challenges she overcame to convince the Dutch Government to adopt DevOps practices.

Sonatype Goes to CloudBees Days

By Janie Gelfond on April 12, 2019 devsecops
We're always excited to spend time with our friends at CloudBees - and participating in their CloudBees Days tour is no different.

Corrupting the Software Supply Chain: Lessons from the Bootstrap-sass Hack

By Elisa Velarde on April 09, 2019 vulnerability
The boldness of bad actors is escalating in the world of open source software. From the event-stream / NPM incident in November of 2018, to the recent bootstrap-sass / Ruby Gems hack, bad actors are

Software Composition Analysis: A Matter of Perspective (and Experience)

The SCA market is young - leaving everyone wrestling with a critical question: is it a security-centric, developer-centric, or a legal-centric endeavor? At Sonatype, we believe it's all of the above.

Nexus Helps Cure Cancer

By Derek Weeks on April 05, 2019 Nexus Repository
At the 2018 Nexus User Conference, Sarah Elkins discussed how the National Cancer Institute uses Nexus Pro Repository Manager to help manage their applications securely and efficiently.

40 DevSecOps Reference Architectures To Learn From

By Janie Gelfond on April 04, 2019 devsecops
Scaling DevSecOps is no easy feat. There are so many ways to automate security across the SDLC that it can become overwhelming quickly. That's why we created DevSecOps Reference Architecture