Why You Need a Software Bill of Materials More Than Ever

By Katie McCaskey on December 05, 2019 software bill of materials

5 minute read time

Enterprises need to know what open source components are in their software at all times. If you don't have a software bill of materials, you're already behind.

Nexus Lifecycle Now Integrates With Red Hat Clair to Secure Containers Across the SDLC

By Michelle Dufty on November 25, 2019 featured

2 minute read time

Sonatype is automating container security via an open API that makes it easy for third-party container scanners to integrate with Nexus Lifecycle - starting.

What Toyota Unlocked Decades Ago Drives Software Supply Chain Management Today

By Katie McCaskey on August 05, 2019 open source governance

3 minute read time

Toyota developed a vehicle production framework, still in use today, that shapes contemporary software supply chain management, too.

A Lesson in Why “Security by Press Release” is Detrimental

By Ax Sharma on November 02, 2018 vulnerabilities

4 minute read time

Last week, news broke about a 3-year-old jQuery vulnerability that was just discovered and had just been patched - sending many into a frenzy.