Sonatype Delivers Premium Open Source Controls to GitHub | Press Release

blog-logo Sonatype Blog

Nancy, on a Boat! (Announcing Nancy for Docker)

By DJ Schleen on October 17, 2019 Docker
Nancy checks for vulnerabilities in your Golang dependencies, powered by Sonatype OSS Index. docker-nancy wraps the nancy executable in a Docker image.
Read More...

Identifying Security Vulnerabilities Inside a Jenkins Pipeline

By Katie McCaskey on October 16, 2019 JenkinsCI
Justin Young (@whyjustin) demonstrates how a malicious component can access your connected network - and how to identify that component inside Jenkins.
Read More...

Sonatype a Recognized Cybersecurity, DevOps Tech Titan

By Katie McCaskey on October 15, 2019 awards
Sonatype brings home a Washingtonian Tech Titan, and Cybersecurity Leadership awards at the start of 2019's final quarter.
Read More...

Nexus Lifecycle Now Integrates with Azure DevOps to Secure Software Supply Chains in the Cloud

By Michelle Dufty on October 11, 2019 Nexus Lifecycle
The Nexus IQ Extension for Azure DevOps scans builds to identify open source security, license, or quality policy violations.
Read More...

Nexus Intelligence Insights Sonatype-2017-0312: jackson-databind, The End of the Blacklist

By Elisa Velarde on October 10, 2019 vulnerabilities
Our October Nexus Intelligence Insight takes a second look at a popular component that's both a blessing and a curse to developers - jackson-databind.
Read More...

What Developers Need to Know About WhatsApp's Recent Security Dilemma

By Katie McCaskey on October 08, 2019 AppSec
Sonatype issues an Advisory Deviation Notice for CVE-2019-11932, a vulnerability that exploits processor memory and recently affected WhatsApp.
Read More...

DevSecOps for a Dollar or Less

By Derek Weeks on October 07, 2019 OWASP
The DevSecOps Maturity Model (DSOMM) helps you analyze your organization's development pipeline to see where you need to improve.
Read More...

Sonatype Hosts Global Gatherings of DevSecOps Leaders and Innovators

By Katie McCaskey on October 04, 2019 thought leaders
October is dedicated to intimate gatherings of DevSecOps professionals, thought leaders, and decision makers in cities across North America and Europe.
Read More...

It Pays to Discover Sonatype

By Katie McCaskey on October 03, 2019 open source governance
Karthik Loganathan and Giri Rao of Discover explain how the financial services company benefits from Sonatype's open source license management platform.
Read More...