
Sonatype Blog

Empowering Developers: Security Self Serve and Automated Time-Based Waivers

Tyro recently empowered their developers to build more secure software by instituting time-based waivers. At the Nexus User Conference, they shared how they made it happen.

DevSecOps In The Age Of Containers

By Curtis Yanko on March 30, 2018 Software Supply Chain
Containers and automated tools create new opportunities for software supply chains and open source governance as well as system security. DevSecOps, application and system security are all visible in

Software Liability Gets Real (Global)

By Derek Weeks on February 23, 2018 open source governance
Software liability turns up the volume in France, Germany, the UK, the USA, and the EU in 2018.

Nexus Lifecycle: Using REST API to identify where newly vulnerable components reside across your application portfolio

By Ilkka Turunen on February 19, 2018 Application Security
Using the REST API from Nexus Lifecycle to identify new vulnerable components across your application portfolio.

DevSecOps: Dreams, Teams, and Architecture

By Derek Weeks on February 18, 2018 Application Security
DevSecOps: Dreams, Teams, and Architecture. How to bring DevSecOps into your organization.

Malicious Intent: Open Source Developers, Please Protect Your Users

By Brian Fox on February 14, 2018 software bill of materials
Pay attention to your own digital security as you would if you were protecting millions of others. Malicious code found in npm package conventional-changelog.

DevSecOps Goes Mainstream

By Derek Weeks on January 14, 2018 open source governance
Traditional security techniques using ownership and control rather than trust will not work in the digital world.

DevSecOps: Overcoming the Culture of No’s with Chaos

By Derek Weeks on January 08, 2018 Application Security
Automating Security in DevOps: Combating No’s with Chaos. An exploration of DevSecOps practices.

Insecure at Any Speed

By Mike Hansen on September 18, 2017 Open Source
Because of the pervasive use of open source software and poor open source security practices, bad actors simply lie in wait for opportunity to knock.