Sonatype Blog

"WTF is DevSecOps?"

By Elizabeth Kathure on May 27, 2020 devsecops
DevSecOps is a great idea. But it means security engineers, DevSecOps teams, and developers working together.

The OWASP ZAP HUD

By Omkar Hiremath on May 26, 2020 vulnerabilities
ZAP is an open-source web application scanner and OWASP flagship project. Use ZAP to find vulnerabilities. Security expert Simon Bennetts demonstrates.

DevSecOps Delivered: Nexus IQ Google Chrome Extension

By Amir Shahmiri on May 22, 2020 devsecops
See the Nexus IQ Google Chrome extension, a handy tool to research open source components in your browser.

Getting Your Security Program to Shift Left: Operationalizing Security Controls via DevSecOps

By Daniel Longest on May 21, 2020 shift left
Map the automation opportunities into your software development lifecycle as part of coordinated strategies to shift security left.

Cultural Approaches to Transformations

Marc Cluet has dedicated the last six years to helping organizations transform their culture and ways of working. Here are some of his observations.

Integrating Infrastructure as Code into a Continuous Delivery Pipeline

By Carlos Schults on May 19, 2020 Continuous Delivery
Infrastructure as code (IaC) takes coding techniques used by software systems and extends them to infrastructure. We cover those techniques.

Tanya Janca is "Big Fan of SCA" [VIDEO]

By Zack Conord on May 15, 2020 devsecops
Zack Conord interviews Tanya Janca of SheHacksPurple about her new business and why she's eager to teach software composition analysis.

DevSecOps Leadership Forum: 500 Innovators Learning from Shared Experiences

By Matt Howard on May 14, 2020 Community
This is a recap of experiences and insights shared at the 2020 DevSecOps Leadership Forum. On-demand recordings of the event are now available for free.

New in Nexus Repository 3.23: Nexus Intelligence via npm audit

By Brent Kostak on May 13, 2020 npm
Now developers can check for policy violations using the npm audit command built into the npm CLI, using the precise data of Nexus Intelligence.