Featured Article

Top 10 open source projects hit by HTTP/2 'Rapid Reset' zero-day

By Ax Sharma on October 12, 2023 vulnerability

Discover ten open source packages affected by the HTTP/2 Rapid Reset vulnerability, disclosed by Cloudflare this week

New Spring Framework RCE vulnerability confirmed - What to do?

By Ilkka Turunen on March 30, 2022 component vulnerabilities

7 minute read time

A new remote code execution flaw dubbed Springshell is affecting Spring-beans, exploiting a previously unknown security vulnerability.

Read More...

pull request commenting is visible in the code

Find and Fix Vulnerabilities in Seconds using GitHub PR Reviews with Line Comments

By Kevin Miller on July 07, 2020 github

2 minute read time

Pull Request line comments highlight code that introduces a policy violation. This gives developers the information needed to remediate security risks.

Read More...

Developers, Say Goodbye to Vulnerabilities. Squash Those Bugs!

By Katie McCaskey on June 12, 2019 Nexus Lifecycle

2 minute read time

Sonatypers Jerome Gergel and Melanie Latin offer developers a set of four best practices once violations are identified in your software.

Read More...

DevSecOps In The Age Of Containers

By Curtis Yanko on March 30, 2018 Software Supply Chain

3 minute read time

Containers and automated tools create new opportunities for software supply chains and opensource governance as well as system security.

Read More...

Real World Experiences: Blackboard

By Derek Weeks on April 21, 2015 Component Lifecycle Management

3 minute read time

As part of a new series we're calling 'Real World Experiences' we'll be highlighting how Sonatype customers are benefiting from greater development.

Read More...

Who is Nigel Simpson? (Lessons of Open Source Governance)

By Derek Weeks on October 28, 2014 Sonatype Says

1 minute read time

Who is Nigel Simpson? (Lessons of Open Source Governance)

Read More...

Bash 2014 - This Is Not a Party

By Derek Weeks on September 25, 2014 Cyber Supply Chain Management and Transparency Act

2 minute read time

I can honestly say that although referred to by the media as Shellshocked, I am neither shocked nor awed.

Read More...

What Happened Sept 16th?

By Derek Weeks on September 23, 2014 Cyber Supply Chain Management and Transparency Act

2 minute read time

We led an invasion last week armed with a flying drone, glowing lightsabers, and the latest knowledge on open source security vulnerabilities.

Read More...

Never a More Interesting Time

By Derek Weeks on August 26, 2014 Cyber Supply Chain Management and Transparency Act

1 minute read time

“It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch.

Read More...

Top 10 open source projects hit by HTTP/2 'Rapid Reset' zero-day

New Spring Framework RCE vulnerability confirmed - What to do?

Find and Fix Vulnerabilities in Seconds using GitHub PR Reviews with Line Comments

Developers, Say Goodbye to Vulnerabilities. Squash Those Bugs!

DevSecOps In The Age Of Containers

Real World Experiences: Blackboard

Who is Nigel Simpson? (Lessons of Open Source Governance)

Bash 2014 - This Is Not a Party

What Happened Sept 16th?

Never a More Interesting Time

Secure your software supply chain

Subscribe for all the latest software security news and events