
Sonatype Blog

DevSecOps In The Age Of Containers

By Curtis Yanko on March 30, 2018 Software Supply Chain

Earlier this year I wrote a two part series called CI In The Age Of Containers - Part 1 & Part 2. My original goal was to explore the impact container might


Software Liability Gets Real (Global)

By Derek Weeks on February 23, 2018 open source governance

This month, France turned up the conversation on software liability for manufacturers who place known defective software components in their products. But,


Nexus Lifecycle: Using REST API to identify where newly vulnerable components reside across your application portfolio

By Ilkka Turunen on February 19, 2018 Application Security

Following the recent announcement of the npm package conventional-changelog having a malicious version uploaded (read more in Brian's blog), I wanted to


DevSecOps: Dreams, Teams, and Architecture

By Derek Weeks on February 18, 2018 Application Security

Spring training for Major League Baseball in the US starts this Friday. While millions of people share my love for baseball, the same can’t be said for


Malicious Intent: Open Source Developers, Please Protect Your Users

By Brian Fox on February 14, 2018 software bill of materials

For the second time in as many weeks we’re seeing the fallout of missteps taken by publishers of open source components. It was just last week that I wrote


DevSecOps Goes Mainstream

By Derek Weeks on January 14, 2018 open source governance

Gartner recently posted their Top 10 Strategic Technology Trends for 2018 and DevSecOps practices made the list.

Here's what they said, "Traditional


DevSecOps: Overcoming the Culture of No’s with Chaos

By Derek Weeks on January 08, 2018 Application Security

Traditional security has thrived in a culture of “no.”


Insecure at Any Speed

By Mike Hansen on September 18, 2017 Open Source

In 1965, Ralph Nader became a household name with the publication of “Unsafe at Any Speed”, his pointed critique of the serious safety risks foisted upon


Security Processes at the Apache Software Foundation (video and podcast)

By Mark Miller on September 15, 2017 Struts

In our continuing series on the Struts2 vulnerability announcement and the breach at Equifax, we spoke with Mark Thomas, Director, Apache Software