Sonatype Selected by Equifax to Support OS Governance Press Release

Sonatype Blog

Open Source Software Is Under Attack; New Event-Stream Hack Is Latest Proof

By Brian Fox on November 27, 2018 | vulnerabilities
Open source software is under attack, and the malicious attack on the popular npm event-stream 3 package is just the latest proof.

Dirty Rivers Flow Downstream, Leading to Dirty Reservoirs

By Sylvia Fronczak on November 02, 2018 | devsecops
A reservoir is created by rivers and streams that flow into it. What if one of those rivers is polluted? It pollutes the whole thing. Similarly, in software, if we add dependencies that are

Who Cares if Supermicro Happened. Supply Chain Attacks are Real and It’s Time to Pay Attention

Technology supply chain attacks are happening in the wild, and whether or not the Supermicro story is real, it should be a wake-up call for all of us.

Three Days of DevSecOps: Lessons from Equifax

By Derek Weeks on September 25, 2018 | open source governance
In 2017, one might have considered "three days" to be the new normal for lead time for changes in DevSecOps. In 2018, that window closed to "one second". The adversaries are not only smart, they are

The 2018 State of the Software Supply Chain Report is here!

By Derek Weeks on September 25, 2018 | devsecops
Today, Sonatype introduces the 2018 State of the Software Supply Chain Report, on managing open source components to accelerate innovation.