Sonatype Nexus Lifecycle Boosts Open Source Security and Dependency Management

By Audra Davis-Hurst on January 13, 2023 Nexus Lifecycle

9 minute read time

Nexus Lifecycle is designed to monitor for problems at every stage of the software development life cycle (SDLC) and automatically address them.
Read More...

Best Practices in Dependency Management: Cooking a Meal of Gourmet Code

5 minute read time

Close to 85% of every application is open source software. Better understanding your software supply chain starts with understanding dependency management.
Read More...

Meet Richard Panman: Values Champion

By Savanna Hajdasz on January 12, 2023 News

11 minute read time

Meet Richard Panman, Sonatype Customer Outcomes Manager, and a peer-nominated Values Champion.
Read More...

2023 Predictions: What Will Happen in Software Supply Chain Governance?

By Luke Mcbride on January 09, 2023 Software Supply Chain

8 minute read time

A look at what we're expecting in the coming year, including open source security, software supply chain attacks, regulation, DevOps, and more.
Read More...

PyTorch Namespace (Dependency) Confusion Attack

By Ilkka Turunen on January 04, 2023 News

4 minute read time

During the 2022 holiday season, a dependency confusion attack targeted PyTorch. Here's what users of PyTorch-NightlyBuild need to know.
Read More...

SCA and SAST: What Do They Do and How Can They Help Developers Like You?

By Theresa Mammarella on January 03, 2023 AppSec

5 minute read time

SCA and SAST tools help DevSecOps teams and application developers work together to identify vulnerabilities and improve security.
Read More...

How does Developer Morale Affect My Software Supply Chain?

By Luke Mcbride on January 03, 2023 survey

4 minute read time

Your place in the software supply chain has a lot to do with your development staff. A look at Sonatype data on developer state-of-mind and performance.
Read More...

PGP vs. sigstore: A Recap of the Match at Maven Central

7 minute read time

We put code-signing tools PGP and sigstore in a head-to-head match with Maven Central users to find a winner. The results may surprise you.
Read More...

EU Cyber Resilience Act: Good for Software Supply Chain Security, Bad for Open Source?

By Brian Fox on December 22, 2022 secure software supply chain

10 minute read time

The Cyber Resilience Act is the European Union's proposed regulation to combat threats affecting any digital entity. What does that mean for open source?
Read More...