Sonatype Delivers Premium Open Source Controls to GitHub | Press Release

blog-logo Sonatype Blog

Comparing npm Audit Versus AuditJS

By Mike Hoskins on April 03, 2020 AppSec
AuditJS is a free tool leveraging Sonatype's OSS Index. OSSI exposes a ReST API aggregating several security vulnerability feeds including CVE, CWE and NVD.
Read More...

Ryan Lockard Names the Seven Deadly Sins of DevSecOps [VIDEO]

By Mark Miller on April 02, 2020 AppSec
Failures are an opportunity to reflect, inspect, and improve DevSecOps practices every day. Which of these have you experienced, and what did you learn?
Read More...

Nexus Vulnerability Scanner: Getting Started with Vulnerability Analysis

By Omkar Hiremath on March 26, 2020 vulnerabilities
Nexus Vulnerability Scanner is a free tool that scans your application for vulnerabilities and reports on its analysis.
Read More...

OWASP Security Knowledge Framework

By Daniel Longest on March 24, 2020 security
OWASP's security knowledge framework (SKF) is a method to help web and app developers establish best practices at each stage of product development.
Read More...

Bryson Koehler, Equifax CTO, Discusses the Road Ahead in Data Security Infrastructure

By Mark Miller on March 23, 2020 vulnerabilities
Equifax is creating a customer driven platform that includes security automation and data privacy, all while building transparency into the process.
Read More...

Sladjana Jovanovic and Bill McArthur Move Silos to Communities [VIDEO]

By Mark Miller on March 19, 2020 AppSec
When we break down the barriers to communication and collaboration, we thrive as humans and as organizations. Sladjana Jovanovic shares her experiences.
Read More...

Why Manual Verification Still Matters

By Peter Morlion on March 10, 2020 AppSec
We continuously hear the benefits of automation. Jeroen Willemsen explains why we still need to perform manual checks.
Read More...

Nexus Innovator: Ken D'Auria of The Hartford

By Katie McCaskey on March 06, 2020 devops best practices
Ken D'Auria, Director of Engineering at The Hartford, describes a four-part DevSecOps evolution familiar to others building secure applications.
Read More...

Eliza May Austin Asks Us to Question Everything [VIDEO]

By Mark Miller on February 27, 2020 AppSec
Are silos good or bad? Is burnout real or imagined? Should people be jealous of pen testers? Questioning assumptions is key to discovery and well-being.
Read More...