Featured Article

The Shifting Landscape of Open Source Supply Chain Attacks - Part 3

By Brian Fox on January 26, 2023 thought leaders

Brian Fox shares insights on who’s responsible for the security of software supply chains, and how orgs can minimize impact on efficiency and speed.

Read More

SHARE:

Sonatype_Blog_Logo_White
Image of a spring
READ MORE

New Spring Framework RCE Vulnerability Confirmed - What to Do?

7 minute read time

A new remote code execution flaw dubbed Springshell is affecting Spring-beans, exploiting a previously unknown security vulnerability.
Read More...
pull request commenting is visible in the code
READ MORE

Find and Fix Vulnerabilities in Seconds using GitHub PR Reviews with Line Comments

By Kevin Miller on July 07, 2020 github

2 minute read time

Pull Request line comments highlight code that introduces a policy violation. This gives developers the information needed to remediate security risks.
Read More...
GettyImages-168507532
READ MORE

Developers, Say Goodbye to Vulnerabilities. Squash Those Bugs!

By Katie McCaskey on June 12, 2019 Nexus Lifecycle

2 minute read time

Sonatypers Jerome Gergel and Melanie Latin offer developers a set of four best practices once violations are identified in your software.
Read More...
READ MORE

DevSecOps In The Age Of Containers

By Curtis Yanko on March 30, 2018 Software Supply Chain

3 minute read time

Containers and automated tools create new opportunities for software supply chains and opensource governance as well as system security. DevSecOps, application and system security are all visible in
Read More...
READ MORE

Real World Experiences: Blackboard

3 minute read time

As part of a new series we're calling 'Real World Experiences' we'll be highlighting how Sonatype customers are benefiting from greater development efficiency, higher productivity levels, faster time

Read More...
READ MORE

Who is Nigel Simpson? (Lessons of Open Source Governance)

By Derek Weeks on October 28, 2014 Sonatype Says

1 minute read time

Who is Nigel Simpson? (Lessons of Open Source Governance)
Read More...
READ MORE

Bash 2014 - This Is Not a Party

2 minute read time

I can honestly say that although referred to by the media as Shellshocked, I am neither shocked nor awed. I can’t say that I am a fan of the latest glorification of bugs like Heartbleed and

Read More...
READ MORE

What Happened Sept 16th?

2 minute read time

We led an invasion last week armed with a flying drone, glowing lightsabers, and the latest knowledge on open source security vulnerabilities. Our mission? Lead, share, educate, moderate, and have

Read More...
READ MORE

Never a More Interesting Time

1 minute read time

“It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch of incredulity, it was the season of Light,

Read More...
Twitter LinkedIn Facebook YouTube GitHub
Products
Free Tools
Solutions
Resources
Customer Portal
Company
SON_logo_white@2x copy trimmed

Sonatype Headquarters - 8161 Maple Lawn Blvd #250, Fulton, MD 20759

Tysons Office - 8281 Greensboro Drive – Suite 630, McLean, VA 22102

Australia Office - 60 Martin Place Level 1, Sydney, NSW 2000, Australia

London Office -168 Shoreditch High Street, E1 6HU London

Subscribe for all the latest software security news and events

Copyright © 2008-present, Sonatype Inc. All rights reserved. Includes the third-party code listed here. Sonatype and Sonatype Nexus are trademarks of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation. All other trademarks are the property of their respective owners.

Terms of Service    Privacy Policy    Modern Slavery Statement    Event Terms and Conditions   Do Not Sell My Personal Information