Skip Navigation

What are the elements of an SBOM?

By Aaron Linskens on February 29, 2024 software bill of materials

7 minute read time

Discover what exactly makes up an SBOM and why generating and managing SBOMs helps level up your cybersecurity and better secure your software
Read More...

Why SBOMs are essential for every organization

By Aaron Linskens on February 21, 2024 Cybersecurity

6 minute read time

Explore the big role of software bills of materials (SBOMs) in enhancing cybersecurity, managing vulnerabilities, and ensuring compliance with regulations
Read More...

Software dependencies: A beginner's guide

By Aaron Linskens on October 27, 2023 Software Supply Chain

5 minute read time

Explore software dependencies, their two main categories of direct and transitive, and find out how to manage software dependencies at scale
Read More...

Dependency mapping: A beginner's guide

By Aaron Linskens on October 20, 2023 vulnerabilities

8 minute read time

Explore dependency mapping, what it is, the benefits of mapping dependencies, and some tools that make the process easier.
Read More...

npm manifest confusion – What is it and do you really need to worry about it?

By Ax Sharma on June 28, 2023 npm

4 minute read time

npm manifest confusion – what is it and do you really need to worry about it?
Read More...

Rule over your dependencies and scan at your own open source risk

By Aaron Linskens on September 13, 2022 vulnerabilities

5 minute read time

A good way to make sure that your organization's vulnerabilities don't go unnoticed is conducting regular scans of open source used in your environments.
Read More...

Why are dependency confusion attacks not going away?

By Ax Sharma on February 09, 2022 dependencies

4 minute read time

Sonatype has caught more than 63,000 suspicious packages, the majority of which are dependency confusion candidates. Why are these attacks not going away?
Read More...

PyPi 'Cheese Shop' Malware Illustrates Software Supply Chain Risk Vector

By Katie McCaskey on July 22, 2019 dependency injection

3 minute read time

Malicious actors circumvented the PyPI package repo manager, a classic case demonstrating why understanding open source code dependencies is critical.
Read More...

How not to download the Internet

By Tim OBrien on April 19, 2011 Nexus Repo Reel

3 minute read time

How not to download the Internet
Read More...