Sonatype Delivers Premium Open Source Controls to GitHub | Press Release

Sonatype Blog

Blue by Default

By Katie McCaskey on July 29, 2019 security
Aubrey Stearn (@auberryberry) explains the DevOps security approach Blue by Default. Security practices move prior to testing and delivery to ensure focus.

Empowering Developers: Security Self Serve and Automated Time-Based Waivers

Tyro recently empowered their developers to build more secure software by instituting time-based waivers. At the Nexus User Conference, they shared how they made it happen.

DevSecOps In The Age Of Containers

By Curtis Yanko on March 30, 2018 Software Supply Chain
Containers and automated tools create new opportunities for software supply chains and open source governance as well as system security. DevSecOps, application and system security are all visible in

Software Liability Gets Real (Global)

By Derek Weeks on February 23, 2018 open source governance
Software liability turns up the volume in France, Germany, the UK, the USA, and the EU in 2018.

Nexus Lifecycle: Using REST API to identify where newly vulnerable components reside across your application portfolio

By Ilkka Turunen on February 19, 2018 Application Security
Using the REST API from Nexus Lifecycle to identify new vulnerable components across your application portfolio.

DevSecOps: Dreams, Teams, and Architecture

By Derek Weeks on February 18, 2018 Application Security
DevSecOps: Dreams, Teams, and Architecture. How to bring DevSecOps into your organization.

Malicious Intent: Open Source Developers, Please Protect Your Users

By Brian Fox on February 14, 2018 software bill of materials
Pay attention to your own digital security as you would if you were protecting millions of others. Malicious code found in npm package conventional-changelog.

DevSecOps Goes Mainstream

By Derek Weeks on January 14, 2018 open source governance
Traditional security techniques using ownership and control rather than trust will not work in the digital world.

DevSecOps: Overcoming the Culture of No’s with Chaos

By Derek Weeks on January 08, 2018 Application Security
Automating Security in DevOps: Combating No’s with Chaos. An exploration of DevSecOps practices.