New Spring Framework RCE vulnerability confirmed - What to do?

7 minute read time

A new remote code execution flaw, dubbed Springshell, affects Spring-beans by exploiting a previously unknown security vulnerability.

Find and fix vulnerabilities in seconds using GitHub PR reviews with line comments

By Kevin Miller on July 07, 2020 github

2 minute read time

Pull Request line comments highlight code that introduces a policy violation. This gives developers the information needed to remediate security risks.

Developers, Say Goodbye to Vulnerabilities. Squash Those Bugs!

By Katie McCaskey on June 12, 2019 Nexus Lifecycle

2 minute read time

Sonatypers Jerome Gergel and Melanie Latin offer developers four best practices to follow once violations are identified in their software.

DevSecOps In The Age Of Containers

By Curtis Yanko on March 30, 2018 Software Supply Chain

3 minute read time

Containers and automated tools create new opportunities for software supply chains and open source governance, as well as for system security.

Real World Experiences: Blackboard

3 minute read time

As part of a new series we're calling 'Real World Experiences', we'll be highlighting how Sonatype customers are benefiting from greater development.

Who is Nigel Simpson? (Lessons of Open Source Governance)

By Derek Weeks on October 28, 2014 Sonatype Says

1 minute read time


Bash 2014 - This Is Not a Party

2 minute read time

I can honestly say that although referred to by the media as Shellshocked, I am neither shocked nor awed.

Two AppSec Questions Always Asked

4 minute read time

While Repository Health Checks are valuable, we just released something even better: the CLM 1.11 Dashboard.

Trusting Third-Party Code That Can't Be Trusted

2 minute read time

Paul Roberts (@paulfroberts) at InfoWorld recently shared his perspective on “5 big security mistakes coders make”.