Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

SHARE:

Sonatype_Blog_Logo_White
READ MORE

Secure Software Development Attestation Form: Sonatype helps you comply

6 minute read time

The CISA Secure Software Development Attestation Form sets cybersecurity standards for US Federal agency software purchases. Learn how Sonatype helps you comply with SSDF guidelines.
Read More...
READ MORE

A demand for real consequences: Sonatype's response to CISA's Secure by Design

By Brian Fox on February 23, 2024 thought leaders

7 minute read time

Sonatype's founder and CTO Brian Fox discusses more stringent enforcement mechanisms to encourage wider adoption of secure development practices
Read More...
READ MORE

U.S. government's guidelines for securing software: Suppliers

By Sonatype on November 23, 2022 secure software supply chain

7 minute read time

Sonatype breaks down the software supply chain best practices for suppliers that were recently released by the ESF Software Supply Chain Working Panel.
Read More...
READ MORE

Arming the defender force and securing the software supply chain: Helping developers implement CISA best practices - Part 1

By Eric Hill on September 19, 2022 secure software supply chain

4 minute read time

Sonatype's Nexus Platform helps give DevSecOps practitioners the tools they need to help secure the software supply chain against malicious cyber attacks.
Read More...