
Four Common Security Acronyms Explained

By DJ Schleen on March 02, 2020 | security

4 minute read time

SAST, DAST, CSA, OSSM, SCA? What do these acronyms mean, what exactly do they do, and why does it matter?

Gartner: You Must Assess Overall Software Health and Welfare

By Katie McCaskey on February 24, 2020 | Gartner

4 minute read time

Gartner reports that mature organizations are expanding open-source management to include health assessment by default.

It Pays to Discover Sonatype

By Katie McCaskey on October 03, 2019 | open source governance

3 minute read time

Karthik Loganathan and Giri Rao of Discover explain how the financial services company benefits from Sonatype's open source license management platform.

A More Secure Web Needs Developers, Defenders, Advocates, and OSS

By Katie McCaskey on September 13, 2019 | security

2 minute read time

The largest gathering of infosec professionals met in Washington, D.C. to discuss the future of web security. Open source software is at the core of it.

Development Velocity Is a Surprisingly Good Thing, Say Researchers

By Katie McCaskey on August 13, 2019 | open source governance

2 minute read time

Organizations with a DevOps culture release at high frequency and score better on MTTU (mean time to update) when a dependency needs patching, to the benefit of all.

What Toyota Unlocked Decades Ago Drives Software Supply Chain Management Today

By Katie McCaskey on August 05, 2019 | open source governance

3 minute read time

Toyota developed a vehicle production framework, still in use today, that shapes contemporary software supply chain management, too.

Free Software, But No Free Lunch

By Katie McCaskey on July 25, 2019 | security

2 minute read time

Today's threat surface is the software itself. How can Fortune 100 companies and others protect themselves? One security practice is counterintuitive.

PyPI 'Cheese Shop' Malware Illustrates Software Supply Chain Risk Vector

By Katie McCaskey on July 22, 2019 | dependency injection

3 minute read time

Malicious packages published to PyPI, the Python package index, are a classic case demonstrating why knowing exactly which open source dependencies you pull in is critical.

A World of Infinite Choice in Open Source Software

3 minute read time

The 2019 Software Supply Chain Report explains the development environment we're all living in and what we can learn from exemplar dev teams.