Sonatype Selected by Equifax to Support OS Governance Press Release

blog-logo Sonatype Blog

How a Software Bill of Materials Uncovers Known Vulnerabilities

In two minutes, we can show you a full software bill of materials for your application. We can also identify any known vulnerabilities in the open source

Read More...

Real World Experiences: Blackboard

As part of a new series we're calling 'Real World Experiences' we'll be highlighting how Sonatype customers are benefiting from greater development

Read More...

The Software Supply Chain Piques Interest

As we looked back at what our readers found most intriguing in the past year, we found one central theme: managing their software supply chain. Our readers

Read More...

Talking Turkey in Texas: Open Source Governance Lags

Deep in the heart of Texas, I was leading a panel discussion at the Lone Star Application Security Conference (LASCON) a few weeks ago. The panel was “

Read More...

CIO.com: Helping Developers Reduce Open Source Risk

Last week, CIO.com shared a story of an inflection point in application security. Lucian Constantin discussed how there needs to be a shift from manual

Read More...

Bash 2014 - This Is Not a Party

I can honestly say that although referred to by the media as Shellshocked, I am neither shocked nor awed.

I can’t say that I am a fan of the latest

Read More...

Skeleton Key

A skeleton key is capable of opening any lock regardless of make or type. Do you know anyone who has one? I do. Lots of them.

Read More...

Time for Full Open Source Disclosure

We are not the first industry to face this challenge. But many are convinced our problem is much smaller than it really is or that it does not exist. They

Read More...