Sonatype Developer Relations

As Sonatype's Developer Relations team, we empower software developers, infosec practitioners, and DevOps/SRE pros to do their best work.

Malware Monthly - December 2022

10 minute read time

Sonatype's Malware Monthly brings you the latest information on malicious and suspicious packages discovered in software registries.
Read More...

PGP vs. sigstore: A Recap of the Match at Maven Central

7 minute read time

We put code-signing tools PGP and sigstore in a head-to-head match with Maven Central users to find a winner. The results may surprise you.
Read More...

Caroling Through the Season: The Sounds of the 4shells

8 minute read time

As 2022 wraps up, we wanted to take a moment not only to reflect on Log4j but also on the other two “4shell” vulnerabilities that were disclosed.
Read More...

Malware Monthly - November 2022

12 minute read time

Sonatype's Malware Monthly brings you the latest information on malicious and suspicious packages discovered in software registries.
Read More...