Featured Article

Introducing Our 8th Annual State of the Software Supply Chain Report

By Stephen Magill on October 18, 2022 State of the Software Supply Chain

Announcing the arrival of our 8th Annual State of the Software Supply Chain Report looking at managing open source security, industry trends, and more.

Read More

SHARE:

Sonatype_Blog_Logo_White
READ MORE

Compliance as Code

By Pachi Carlson on July 06, 2020 Compliance

4 minute read time

Compliance is a growing consideration for application security and must be managed.
Read More...
READ MORE

The Science of Compliance: Early Code to Secure Your Node

By Carlos Schults on April 27, 2020 Compliance

4 minute read time

Compliance testing can—and should—be done at all stages of your CI process. Watch your test tool – there can be false positives as well as false negatives.
Read More...
READ MORE

Nexus Firewall: Quality at Velocity

By Mike Hansen on November 17, 2015 nexus pro

5 minute read time

Nexus Firewall: Quality at Velocity
Read More...
READ MORE

The Cost to DevOps: 27 Mufflers

By Derek Weeks on July 16, 2015 Known Vulnerabilities

4 minute read time

Imagine that you are designing the 2016 Range Rover line of sport utility vehicles. Like all gas powered vehicles, each one needs an exhaust muffler. Range Rover likely has narrowed in on a preferred

Read More...
READ MORE

Better and Fewer Suppliers (2015 Software Supply Chain Report)

By Derek Weeks on June 17, 2015 governance

4 minute read time

Today I want to focus on the huge ecosystem of open source projects (“suppliers”) that feed a steady stream of innovative components into our software supply chains. In the Java ecosystem alone,

Read More...
READ MORE

DevOps Leadership Series: Gov Does DevOps (Part 2)

By Derek Weeks on June 02, 2015 Software Supply Chain

1 minute read time

During my second day at DevOpsDays DC, I had the opportunity to catch up with a couple more industry thought leaders. First up, John Willis, DevOps Days core organizer and co-author the upcoming

Read More...
READ MORE

DevOps Leadership Series: Gov Does DevOps

By Derek Weeks on May 27, 2015 rugged

2 minute read time

This past week, I had the opportunity to catch up with some more industry thought leaders at the DevOpsDays DC event in our nation’s capital. This was the first major DevOps Days event to feature a

Read More...
READ MORE

3 Reasons Manual Policies Just Don’t Work

2 minute read time

Over the past four years, Sonatype has surveyed open source development organizations and year after year, we find that developers have the best intentions. They strive to build good quality code,

Read More...
READ MORE

PCI 3.0 - Secure Payment Requires Secure Components

By Derek Weeks on November 14, 2013 PCI

2 minute read time

PCI 3.0 - Secure Payment Requires Secure Components
Read More...
Twitter LinkedIn Facebook YouTube GitHub
Products
Free Tools
Solutions
Resources
Customer Portal
Company
SON_logo_white@2x copy trimmed

Sonatype Headquarters - 8161 Maple Lawn Blvd #250, Fulton, MD 20759

Tysons Office - 8281 Greensboro Drive – Suite 630, McLean, VA 22102

Australia Office - 60 Martin Place Level 1, Sydney, NSW 2000, Australia

London Office -168 Shoreditch High Street, E1 6HU London

Subscribe for all the latest software security news and events

Copyright © 2008-present, Sonatype Inc. All rights reserved. Includes the third-party code listed here. Sonatype and Sonatype Nexus are trademarks of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation. All other trademarks are the property of their respective owners.

Terms of Service    Privacy Policy    Modern Slavery Statement    Event Terms and Conditions   Do Not Sell My Personal Information