Keep Applications Secure in Atlassian Bitbucket With Automated Pull Requests

By Kevin Miller on April 22, 2020 atlassian

2 minute read time

The Nexus Lifecycle/Atlassian Bitbucket integration automates pull requests, fixing security vulnerabilities and maintaining the quality of dependencies.

How to Use Nancy to Improve Your Go Application Security

By Jonathan Hall on April 17, 2020 AppSec

9 minute read time

Nancy, as you may know by reputation, is a detective. She uses Sonatype's OSS Index to check for vulnerabilities in your Go dependencies.

Your Guide to AppSec Tools: SAST or SCA?

By Alyssa Shames on April 16, 2020 AppSec

4 minute read time

Software composition analysis speeds time to innovation by automating manual open source governance processes that are prone to errors.

OWASP Top 10 Introduction with Caroline Wong [VIDEO]

By Zack Conord on April 14, 2020 OWASP

1 minute read time

Caroline Wong shares her perspective on which OWASP Top 10 is particularly relevant today with so many professionals working from home.

Comparing npm Audit Versus AuditJS

By Mike Hoskins on April 03, 2020 AppSec

6 minute read time

AuditJS is a free tool leveraging Sonatype's OSS Index. OSSI exposes a REST API aggregating several security vulnerability feeds including CVE, CWE and NVD.

Ryan Lockard Names the Seven Deadly Sins of DevSecOps [VIDEO]

By Mark Miller on April 02, 2020 AppSec

1 minute read time

Failures are an opportunity to reflect, inspect, and improve DevSecOps practices every day. Which of these have you experienced, and what did you learn?

Getting Started with Sonatype Vulnerability Analysis

By Omkar Hiremath on March 26, 2020 vulnerabilities

7 minute read time

Sonatype Vulnerability Scanner is a free tool that scans your application for vulnerabilities and reports on its analysis.

OWASP Security Knowledge Framework

By Daniel Longest on March 24, 2020 security

4 minute read time

OWASP's security knowledge framework (SKF) is a method to help web and app developers establish best practices at each stage of product development.

Bryson Koehler, Equifax CTO, Discusses the Road Ahead in Data Security Infrastructure

By Mark Miller on March 23, 2020 vulnerabilities

1 minute read time

Equifax is creating a customer-driven platform that includes security automation and data privacy, all while building transparency into the process.