Sonatype Blog

DevSecOps Without Compromise

By Katie McCaskey on June 26, 2019 oss
Oliver Milke of Cloudogu provides tips to strengthen your DevSecOps toolchain. He also points out two potential weaknesses that might lurk inside.

New in Repo - Repository Routing Helps Protect Against Dependency Hijacking Attacks

By Sable Yemane on June 26, 2019 Nexus Repository
How to create a repository routing rule to prevent developers from pulling a private package from a public repository, using the company Pied Piper as an example.

What 36,000 OSS Projects and 12,000 Commercial Dev Teams Taught Us About Secure Coding Practices

By Derek Weeks on June 25, 2019 Software Supply Chain
Our 2019 State of the Software Supply Chain Report reveals best practices from 36,000 OSS dev teams and 12,000 commercial software engineering teams.

Achieving a Managed State Model For Your Software Supply Chain

Secure software development processes share attributes with other human endeavors such as cooking, reading, and sports, says Santi Mulukutla of Sonatype.

DevSecOps: Security at the Speed of DevOps

By Katie McCaskey on June 18, 2019 devsecops
Larry Maccherone of Comcast shares his DevSecOps Manifesto and strategies he's used to foster the cultural change necessary to implement DevSecOps.

DevOps Culture: The Neuroscience of Behavior

By Katie McCaskey on June 18, 2019 devsecops
Helen Beal of Ranger4 takes a look at how the brain works, and what that means for cultural transformation. This is your brain on DevOps.

Continuous Compliance and DevOps

By Derek Weeks on June 17, 2019 OSS compliance
Compliance automation is critical to DevOps infrastructure. Christoph Hartmann, lead engineer at Chef and the creator of InSpec, explains the benefits.

Hands On with the Nexus Platform: A Software Supply Chain Demo

By Katie McCaskey on June 14, 2019 Nexus solutions
Sonatype's Ilkka Turunen demonstrates how to use the Nexus Platform. Download the files to try it yourself. You'll see how useful it is for your workflow.

Developers, Say Goodbye to Vulnerabilities. Squash Those Bugs!

By Katie McCaskey on June 12, 2019 Nexus Lifecycle
Sonatypers Jerome Gergel and Melanie Latin offer developers a set of four best practices to apply once violations are identified in your software.