Sonatype Delivers Premium Open Source Controls to GitHub | Press Release

blog-logo Sonatype Blog

Security Organizations Need to Start Thinking Like Developers

By DJ Schleen on July 30, 2019 security
Developers must think more securely, and security teams need to learn more development skills. Cross-discipline awareness strengthens software development.

Blue by Default

By Katie McCaskey on July 29, 2019 security
Aubrey Stearn (@auberryberry) explains DevOps security approach Blue by Default. Security practices move prior to testing and delivery to ensure focus.

Application Security Risk in 2019: It's All About The Supply Chain

By Matt Howard on December 28, 2018 AppSec
Cyber criminals are intentionally planting vulnerabilities directly into the global supply of open source components. Heading into 2019, organizations should learn how to run fast enough to harness

Inevitable:  Earthquakes and Exploits

By Mike Hansen on November 15, 2018 AppSec
Earthquakes and open source vulnerabilities are both inevitable, unpredictable, and can be catastrophic. Sonatype's Mike Hansen talks about what earthquake preparedness can teach us about open source

DevSecOps In The Age Of Containers

By Curtis Yanko on March 30, 2018 Software Supply Chain
Containers and automated tools create new opportunities for software supply chains and opensource governance as well as system security. DevSecOps, application and system security are all visible in

Zero Day, Now What?

By Curtis Yanko on September 27, 2017 Nexus Lifecycle
What a security incident response looks like for users of Nexus Lifecycle.

Do You View Your AppSec Tools as an Inhibitor to Innovation or a Safety Measure?

By Helen Beal on March 23, 2017 AppSec
DevOps is all about making better software faster. It also requires making it more safely while compressing the time between ideation to realisation

The Nexus Firewall – Perimeter Defense for Software Development

By Mike Hansen on January 25, 2017 Known Vulnerabilities
We now have a revolutionary way to improve speed and reduce risk through the quarantine of components with known vulnerabilities using Nexus Firewall.