One in Six Developers in Healthcare Report Open Source Breaches | Press Release

Sonatype Blog

UPDATE: 21 SaltStack Breaches with 2,900 Still Vulnerable

By Derek Weeks on May 31, 2020 vulnerabilities
When a vulnerability is announced in an open source project, ask immediately: have we ever used that open source component, and (if yes) where is it?

Real Talk: What Users Really Look For in a Software Composition Analysis (SCA) Solution

By Alyssa Shames on May 12, 2020 AppSec
Real users explain what you should demand from your SCA tools, including visibility through an SBOM, continuous monitoring, and the ability to scan apps.

The Science of Compliance: Early Code to Secure Your Node

By Carlos Schults on April 27, 2020 Compliance
Compliance testing can—and should—be done at all stages of your CI process. Watch your test tool – there can be false positives as well as false negatives.

Keep Applications Secure in Atlassian Bitbucket with Automated Pull Requests

By Kevin Miller on April 22, 2020 atlassian
The Nexus Lifecycle/Atlassian Bitbucket integration automatically opens pull requests that fix security vulnerabilities and keep your dependencies at a known-good quality.

How to Use Nancy to Improve Your Go Application Security

By Jonathan Hall on April 17, 2020 AppSec
Nancy, as you may know by reputation, is a detective. She uses Sonatype's OSS Index to check for vulnerabilities in your Go dependencies.

Your Guide to AppSec Tools: SAST or SCA?

By Alyssa Shames on April 16, 2020 AppSec
Software composition analysis speeds time to innovation by automating manual open source governance processes that are prone to errors.

OWASP Top 10 Introduction with Caroline Wong [VIDEO]

By Zack Conord on April 14, 2020 OWASP
Caroline Wong shares her perspective on which OWASP Top 10 risks are particularly relevant today, with so many professionals working from home.

Comparing npm Audit Versus AuditJS

By Mike Hoskins on April 03, 2020 AppSec
AuditJS is a free tool built on Sonatype's OSS Index. OSSI exposes a REST API that aggregates several vulnerability data sources, including CVE/NVD, and tags findings with their CWE classification.

Ryan Lockard Names the Seven Deadly Sins of DevSecOps [VIDEO]

By Mark Miller on April 02, 2020 AppSec
Failures are an opportunity to reflect, inspect, and improve DevSecOps practices every day. Which of these have you experienced, and what did you learn?