Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

SHARE:

Sonatype_Blog_Logo_White
READ MORE

Do You View Your AppSec Tools as an Inhibitor to Innovation or a Safety Measure?

By Helen Beal on March 23, 2017 AppSec

3 minute read time

DevOps is all about making better software faster. It also requires making it more safely while compressing the time between ideation to realisation
Read More...
carrotscupcakes2.jpg
READ MORE

DevSecOps: Eat Carrots, Not Cupcakes

By Derek Weeks on March 23, 2017 Software Supply Chain

4 minute read time

In DevSecOps, security automation is more strategic than ever and key to survival.
Read More...
oleg1.jpg
READ MORE

DevSecOps: A More Deterministic Approach

By Oleg Gryb on March 22, 2017 devsecops

3 minute read time

Is security an inhibitor to DevOps agility?
Read More...
hasan yasar1.jpg
READ MORE

DevSecOps: In Time for Security

By Hasan Yasar on March 22, 2017 Devops

4 minute read time

Historically developers have prioritized functional requirements over security when building software, in DevSecOps, that world view changes.
Read More...
READ MORE

DevSecOps: Slaying the Myths of Container Security

By Benjamin Wootton on March 21, 2017 Docker

2 minute read time

Security Is A Top Concern For Us When Deploying Containers, says Benjamin Wootton. @benjaminwootton
Read More...
schleen1.jpg
READ MORE

DevSecOps: Integrating Automated Security Controls

By DJ Schleen on March 21, 2017 devsecops

2 minute read time

Security continues to be an afterthought in many development pipelines. In DevOps, security is taking on a new role where high velocity meets security at scale
Read More...
tylershields1.jpg
READ MORE

DevSecOps: Embracing Automation While Letting Go of Tradition

By Tyler Shields on March 21, 2017 devsecops

3 minute read time

The awesome thing about careers in technology is that you constantly have to be on your front foot. In DevSecOps, this means scaling security at new velocities.
Read More...
READ MORE

Sonatype on Federal News Radio

By Matt Howard on March 16, 2017 Nexus

15 second read time

Listen to Matt Howard, Executive Vice President and Chief Marketing Officer at Sonatype, on Federal News Radio as he discusses the demand for quality open.
Read More...
READ MORE

Apache Struts Vulnerability: Live Updates

By Matt Howard on March 16, 2017 vulnerabilities

6 minute read time

Attackers are widely exploiting a new vulnerability in Apache Struts2 that allows them to remotely execute malicious code on web servers.
Read More...
READ MORE

Setting up a Docker Private Registry with Authentication Using Nexus and Nginx

By Stefan Prodan on March 15, 2017 How-To

6 minute read time

This article shows how you can set up a Docker Private Registry with authentication and SSL using Nexus Repository OSS.
Read More...
GettyImages-522876116
READ MORE

Setting up a Secure, Private Sonatype Nexus Repository

By Nicholas Badger on March 13, 2017 Product

8 minute read time

Learn how to setup and secure a private Sonatype Nexus Repository.
Read More...
iStock-175197685.jpg
READ MORE

Struts2 Exploited Again.  Did Anyone Bother to Tell You?

By Brian Fox on March 10, 2017 oss

5 minute read time

This week I woke up to find several emails from Nexus Lifecycle indicating that the products in my portfolio were potentially vulnerable due to their.
Read More...
READ MORE

Set up your own Continuous Delivery Stack

By Pascal Alma on March 10, 2017 Continuous Delivery

4 minute read time

Last week I wanted to try new things with ‘pipeline as code’ with Jenkins.
Read More...
READ MORE

When it Comes to Application Security, “Doing Your Homework”​ Matters

By Matthew Barker on March 09, 2017 Application Security

4 minute read time

They say software is eating the world, very true, but it has become even more clear that OSS components are eating the software world.
Read More...
READ MORE

Improving Build Time of Java Builds on OpenShift

By Jorge Morales on March 08, 2017 java

14 minute read time

I will guide you through the process of speeding up Java Maven based builds, and will explain other options that can be taken to the ones that I’ll be showing.
Read More...
mjh-speaker.jpg
READ MORE

DevSecOps is Suddenly Strategic for Everyone in Software:  Here's Why

By Matt Howard on March 07, 2017 devsecops

2 minute read time

If DevSecOps is strategic to your mission, I invite you to examine the Nexus platform and learn how you can empower your developers with easy to consume and.
Read More...
READ MORE

AppSec EU 2017 Belfast – What to Expect

By Mark Miller on March 07, 2017 events

20 second read time

In mid-May I’ll be joining the organizing team of AppSec EU 2017 in Belfast for a week of security and DevOps sessions.
Read More...
READ MORE

Using Sonatype Nexus Repository 3  – Part 3: Docker Images

By Rafael Eyng on March 06, 2017 Docker

4 minute read time

This is the third and last part of a series of posts on Sonatype Nexus 3 and how to use it as repository for several technologies.
Read More...
READ MORE

Culture Hacking at RSAC 2017 with Shannon Lietz

By Shannon Lietz on March 03, 2017 RSA Conference

1 minute read time

On Monday, February 13, Shannon Lietz gave a quick, 20 minute overview of her investigations and implementation of Culture Hacking at Intuit.
Read More...
READ MORE

Using Sonatype Nexus Repository 3 – Part 2: npm Packages

By Rafael Eyng on March 01, 2017 npm

4 minute read time

This is the second part of a series of posts on Sonatype Nexus 3 and how to use it as repository for several technologies.
Read More...