Featured Article

Top 10 open source projects hit by HTTP/2 'Rapid Reset' zero-day

By Ax Sharma on October 12, 2023 vulnerability

Discover ten open source packages affected by the HTTP/2 Rapid Reset vulnerability, disclosed by Cloudflare this week

SAST vs. DAST: Enhancing application security

By Aaron Linskens on September 21, 2023 DAST

7 minute read time

Explore advantages and limits of static application security testing SAST and dynamic application security testing DAST in application security

Read More...

npm packages caught exfiltrating Kubernetes config, SSH keys

By Ax Sharma on September 19, 2023 npm

4 minute read time

Sonatype tracks an ongoing campaign that uses npm packages to retrieve and exfiltrate Kubernetes configuration and SSH keys to an external server

Read More...

New npm PoC packages target PayPal Zettle, Airbnb developers

By Ax Sharma on September 12, 2023 npm

4 minute read time

Sonatype identified npm packages that exploit dependency confusion, named after internal dependencies purportedly used by PayPal Zettle and Airbnb

Read More...

Unlocking the power of generative AI in software development: Insights from Sonatype's survey

By Aaron Linskens on September 12, 2023 Software Supply Chain

4 minute read time

Explore the influence of generative AI in software development via the results of Sonatype's recent survey involving 400 DevOps and 400 SecOps leaders

Read More...

How to navigate DevOps principles: Analyzing Shift Left and Secure Right

By Aaron Linskens on September 06, 2023 shift left

5 minute read time

Explore Shift Left and Secure Right, what are their core principles to achieve high-quality, secure software and how they align with DevOps and DevSecOps

Read More...

A guide for open source software (OSS) security

By Aaron Linskens on August 28, 2023 secure software supply chain

6 minute read time

Evaluate open source software (OSS) security to ensure safe usage of software components in software development life cycles and software supply chains

Read More...

Enhancing software supply chain security: New Sonatype product capabilities

By Tara Flynn Condon on August 21, 2023 News and Views

3 minute read time

Sonatype announces the latest enhancements for Sonatype Repository Firewall, Sonatype Nexus Repository, and Sonatype Lifecycle.

Read More...

Malicious PyPI package ‘VMConnect’ imitates VMware vSphere connector module

By Ax Sharma on August 03, 2023 Open Source

3 minute read time

A malicious PyPI package ‘VMConnect’ designed to resemble VMware vSphere Connector Module was caught by Sonatype’s automated malware detection systems

Read More...

Getting started with the Secure Software Development Framework (SSDF)

By Aaron Linskens on July 27, 2023 Software Supply Chain

6 minute read time

Discover how to get started with the Secure Software Development Framework (SSDF), what it contains, and why should you leverage it

Read More...

Previous Next

Top 10 open source projects hit by HTTP/2 'Rapid Reset' zero-day

SAST vs. DAST: Enhancing application security

npm packages caught exfiltrating Kubernetes config, SSH keys

New npm PoC packages target PayPal Zettle, Airbnb developers

Unlocking the power of generative AI in software development: Insights from Sonatype's survey

How to navigate DevOps principles: Analyzing Shift Left and Secure Right

A guide for open source software (OSS) security

Enhancing software supply chain security: New Sonatype product capabilities

Malicious PyPI package ‘VMConnect’ imitates VMware vSphere connector module

Getting started with the Secure Software Development Framework (SSDF)

Secure your software supply chain

Subscribe for all the latest software security news and events