Sonatype Selected by Equifax to Support OS Governance Press Release

blog-logo Sonatype Blog

Integrating with SonarQube

By Brian Fox on August 27, 2014 Sonatype Says

Customers using CLM want to surface known security vulnerabilities and license risk in the same place developers or executives already go to assess the overall quality of their application. To

Read More...

Outnumbered, Again

I remember it clearly. Sitting down for breakfast, I opened the Sydney Morning Herald to see the latest headlines in Australia for the day. As I shuffled through the paper, I finally landed upon the

Read More...

Are You Choosing the "Right" Component?

In our recent open source developer survey we asked, what are the TOP FOUR characteristics considered when selecting a component? And since components are the building blocks used when creating an

Read More...

4 Open Source Components You Need to Update Right Now

Heartbleed has put the security community on notice: it is time to take a harder look at the security status of open source components and frameworks. After doing a little industry research on

Read More...

The Sonatype 2014 Engineering Summit

By Mark Miller on April 28, 2014 Nexus Repo Reel
The Sonatype 2014 Engineering Summit
Read More...

FinSvcs Working Group (FS-ISAC) Takes on Open Source Components

Applications are becoming the primary security threat vector. Since applications are constructed from 3rd party components, there continues to be a tremendous amount of industry effort and impetus

Read More...

Should your devops pipeline consider component intelligence?

By Manfred Moser on October 31, 2013 Nexus Repo Reel

In the Nexus Live event John Nagro and Tom McLaughlin from HubSpot detailed how they are using Nexus as a repository for their development and release components. They found that they need to be able

Read More...

Yes, Policies Can Actually Speed Development

By Derek Weeks on October 31, 2013 Nexus Repo Reel
Yes, Policies Can Actually Speed Development
Read More...