Sonatype Blog

Holding the Industry Accountable

Humans often need to experience something before we change. As DevSecOps practitioners and leaders, we should always be asking what needs changing and why.

ZeroTrustOps: Securing at Scale

By Sylvia Fronczak on June 19, 2020 AppSec
With zero trust, you assume everything on the network is unsafe. You have to check trust explicitly. This stance improves security throughout the SDLC.

Real Talk: What Users Really Look For in a Software Composition Analysis (SCA) Solution

By Alyssa Shames on May 12, 2020 AppSec
Real users explain what you should demand from your SCA tools, including visibility through an SBOM, continuous monitoring, and the ability to scan apps.

Your Guide to AppSec Tools: SAST or SCA?

By Alyssa Shames on April 16, 2020 AppSec
Software composition analysis speeds time to innovation by automating manual open source governance processes that are prone to errors.

Ryan Lockard Names the Seven Deadly Sins of DevSecOps [VIDEO]

By Mark Miller on April 02, 2020 AppSec
Failures are an opportunity to reflect, inspect, and improve DevSecOps practices every day. Which of these have you experienced, and what did you learn?

Nexus Vulnerability Scanner: Getting Started with Vulnerability Analysis

By Omkar Hiremath on March 26, 2020 vulnerabilities
Nexus Vulnerability Scanner is a free tool that scans your application for vulnerabilities and reports on its analysis.

Bryson Koehler, Equifax CTO, Discusses the Road Ahead in Data Security Infrastructure

By Mark Miller on March 23, 2020 vulnerabilities
Equifax is creating a customer-driven platform that includes security automation and data privacy, all while building transparency into the process.

Sladjana Jovanovic and Bill McArthur Move Silos to Communities [VIDEO]

By Mark Miller on March 19, 2020 AppSec
When we break down the barriers to communication and collaboration, we thrive as humans and as organizations. Sladjana Jovanovic shares her experiences.

Larry Maccherone Says Pixie Dust Security is an Epic Failure [VIDEO]

By Mark Miller on February 18, 2020 AppSec
A fundamental DevSecOps failure, according to Comcast's Larry Maccherone, is believing that a sprinkle of pixie dust makes a completed application secure.