Sonatype Selected by Equifax to Support OS Governance Press Release

How a Software Bill of Materials Uncovers Known Vulnerabilities

In two minutes, we can show you a full software bill of materials for your application. We can also identify any known vulnerabilities in the open source

Integrating with SonarQube

By Brian Fox on August 27, 2014 Sonatype Says

Many development organizations we work with have turned to SonarQube as a dashboard to visualize and measure their code quality.

Are You Choosing the "Right" Component?

In our recent open source developer survey we asked, what are the TOP FOUR characteristics considered when selecting a component? And since components are

4 Open Source Components You Need to Update Right Now

Heartbleed has put the security community on notice: it is time to take a harder look at the security status of open source components and frameworks. After

The Sonatype 2014 Engineering Summit

By Mark Miller on April 28, 2014 Nexus Repo Reel

Last week, I joined the Sonatype engineering team at the yearly summit where we got together and discussed the future roadmap for Nexus and CLM, talk with

FinSvcs Working Group (FS-ISAC) Takes on Open Source Components

Applications are becoming the primary security threat vector. Since applications are constructed from 3rd party components, there continues to be a tremendous

Should your devops pipeline consider component intelligence?

By Manfred Moser on October 31, 2013 Nexus Repo Reel

Last week I was a host of October Nexus Live and attended DevOpsDays Vancouver. In both events Sonatype Nexus and CLM were present as part of a devops pipeline

Yes, Policies Can Actually Speed Development

By Derek Weeks on October 31, 2013 Nexus Repo Reel

CONTROL, ENFORCEMENT, APPROVALS, POLICIES
