Featured Article
Introducing our 9th annual State of the Software Supply Chain report
How a Software Bill of Materials Uncovers Known Vulnerabilities
3 minute read time
Integrating with SonarQube
3 minute read time
Customers using CLM want to surface known security vulnerabilities and license risk in the same place developers or executives already go to assess the overall quality of their application. To
Outnumbered, Again
3 minute read time
I remember it clearly. Sitting down for breakfast, I opened the Sydney Morning Herald to see the latest headlines in Australia for the day. As I shuffled through the paper, I finally landed upon the
Are You Choosing the "Right" Component?
4 minute read time
In our recent open source developer survey we asked, what are the TOP FOUR characteristics considered when selecting a component? And since components are the building blocks used when creating an
4 Open Source Components You Need to Update Right Now
8 minute read time
Heartbleed has put the security community on notice: it is time to take a harder look at the security status of open source components and frameworks. After doing a little industry research on
The Sonatype 2014 Engineering Summit
1 minute read time
FinSvcs Working Group (FS-ISAC) Takes on Open Source Components
5 minute read time
Applications are becoming the primary security threat vector. Since applications are constructed from 3rd party components, there continues to be a tremendous amount of industry effort and impetus
Should your devops pipeline consider component intelligence?
3 minute read time
In the Nexus Live event John Nagro and Tom McLaughlin from HubSpot detailed how they are using Nexus as a repository for their development and release components. They found that they need to be able
Yes, Policies Can Actually Speed Development
5 minute read time