Featured Article

New Design, New Features: Maven Central Improvements for Developers

By Amanda Yeo on March 28, 2023 open source security

Hosted by Sonatype, Maven Central has a refreshed interface and new features to improve the developer experience.

Read More

SHARE:

Sonatype_Blog_Logo_White
READ MORE

Best Practices in Dependency Management: Cooking a Meal of Gourmet Code

5 minute read time

Close to 85% of every application is open source software. Better understanding your software supply chain starts with understanding dependency management.
Read More...
READ MORE

SCA and SAST: What Do They Do and How Can They Help Developers Like You?

By Theresa Mammarella on January 03, 2023 AppSec

5 minute read time

SCA and SAST tools help DevSecOps teams and application developers work together to identify vulnerabilities and improve security.
Read More...
Bride at her computer in front of multiple screens
READ MORE

What do Log4Shell and a Global Pandemic Have in Common?

By Theresa Mammarella on November 15, 2022 AppSec

4 minute read time

A look at development through the lens of weddings, including long-term planning, contingencies, and disasters. A video talk from this years DEVOXX.
Read More...
READ MORE

Breaking Organizational Silos for Better Application Security

By Phil Vuollet on July 08, 2021 AppSec

3 minute read time

Security depends on collaboration and communication. Our recent Elevate talk breaks down pillars, structure, and suggestions for organizational silos.
Read More...
READ MORE

Compliance as Code

By Pachi Carlson on July 06, 2020 Compliance

4 minute read time

Compliance is a growing consideration for application security and must be managed.
Read More...
READ MORE

OWASP Top 10 Overview

By Erik Dietrich on June 22, 2020 OWASP

4 minute read time

Caroline Wong is a Chief Strategy Officer who teaches the OWASP Top 10. She uses memorable analogies to explain all ten.
Read More...
READ MORE

ZeroTrustOps: Securing at Scale

By Sylvia Fronczak on June 19, 2020 AppSec

5 minute read time

With zero trust, you assume everything on the network is unsafe. You have to check trust explicitly. This stance improves security throughout the SDLC.
Read More...
READ MORE

Workflow Automation: Publishing Artifacts to Nexus Repository using Jenkins Pipelines

By Dmitriy Akulov on June 12, 2020 AppSec

8 minute read time

Use Nexus Repo to create an automated workflow to build, store, organize, and monitor the compiled Maven artifacts through a CI server.
Read More...
READ MORE

Can Kubernetes Keep a Secret?

By Daniel Longest on June 10, 2020 AppSec

3 minute read time

Kubernetes Secrets store usernames and passwords as base-64 encoded strings. They are obscured from casual browsing, but this is the same as plaintext.
Read More...