Sonatype Blog

Katie McCaskey

Katie is an experienced technology writer and entrepreneur. At Sonatype, she's focused on creating and finding great content.

Free Software, But No Free Lunch

By Katie McCaskey on July 25, 2019 security
Today's threat surface is the software itself. How can Fortune 100 companies and others protect themselves? One security practice is counterintuitive.

Why Software Composition Analysis (SCA) Demands Precision

Software Composition Analysis: Getting to the Signal Through the Noise, by 451 Research, demonstrates Sonatype's leadership in software composition analysis.

PyPi 'Cheese Shop' Malware Illustrates Software Supply Chain Risk Vector

By Katie McCaskey on July 22, 2019 dependency injection
Malicious actors circumvented the PyPI package repo manager, a classic case demonstrating why understanding open source code dependencies is critical.

Extreme Endurance Required

By Katie McCaskey on July 19, 2019 News and Views
Sonatyper Mark Dodgson will test his physical limits and mental toughness participating in an athletic event that is 10x an Ironman, a first for the UK.

DevOps at the US Patent and Trademark Office

By Katie McCaskey on July 18, 2019 devsecops
The US Patent and Trademark Office's Fee Processing Next Generation (FPNG) is an example of a government agency moving to a DevOps development environment.

A World of Infinite Choice in Open Source Software

The 2019 Software Supply Chain Report explains the development environment we're all living in and what we can learn from exemplar dev teams.

Repository Management: An Easy Way to Minimize Risk

By Katie McCaskey on July 05, 2019 repository manager
Mykel Alvis (@mykelalvis) of Array Consulting urges developers to use a caching, and preferably security-scanning, artifact repository. Here's why.

New Cloud-Native CI/CD Projects OpenShift Pipelines and Tekton

By Katie McCaskey on July 01, 2019 devsecops
Siamak Sadeghianfar of Red Hat explains how the open source projects Tekton and OpenShift support cloud-native CI/CD projects.

DevSecOps Without Compromise

By Katie McCaskey on June 26, 2019 oss
Oliver Milke of Cloudogu provides tips to strengthen your DevSecOps toolchain. He also points out two potential weaknesses that might lurk inside.