Sonatype Blog

Compliance as Code

By Pachi Carlson on July 06, 2020 Compliance
Compliance is a growing consideration for application security and must be managed.

OWASP Top 10 Overview

By Erik Dietrich on June 22, 2020 OWASP
Caroline Wong is a Chief Strategy Officer who teaches the OWASP Top 10. She uses memorable analogies to explain all ten.

ZeroTrustOps: Securing at Scale

By Sylvia Fronczak on June 19, 2020 AppSec
With zero trust, you assume everything on the network is unsafe. You have to check trust explicitly. This stance improves security throughout the SDLC.

Workflow Automation: Publishing Artifacts to Nexus Repository using Jenkins Pipelines

By Dmitriy Akulov on June 12, 2020 AppSec
Use Nexus Repo to create an automated workflow to build, store, organize, and monitor the compiled Maven artifacts through a CI server.

Can Kubernetes Keep a Secret?

By Daniel Longest on June 10, 2020 AppSec
Kubernetes Secrets store usernames and passwords as base64-encoded strings. They are obscured from casual browsing, but this is effectively the same as plaintext.

How to Publish Docker Images on a Private Nexus Repository Using Jib Maven Plugin

By Awkash Agrawal on June 08, 2020 AppSec
Learn how to publish Docker images to a private Nexus repository with the help of the Maven Jib plugin.

Smart Teams Use Atlassian and Sonatype to Plan Development Work

By Kevin Miller on June 05, 2020 JIRA
Shift open source governance into daily ticketing workflows. Teams can quickly assess risk and plan code fixes using Nexus Lifecycle and Jira Software.

Using a Software Bill of Materials (SBOM) is Going Mainstream

Crazy: OWASP A9 is about to turn seven and the DevSecOps Community Survey shows less than half of organizations can produce a Software Bill of Materials.

DevOps Assurance with OWASP SAMM

By Guillermo Salazar on June 02, 2020 OWASP
SAMM v2 defines three levels of maturity. Maturity levels 1 through 3 correspond to what other models describe as crawling, walking, and running.