Sonatype Selected by Equifax to Support OS Governance Press Release

Sonatype Blog

DevOps and Opportunities in Software Supply Chain Governance

By Wayne Jackson on February 09, 2017 open source governance
Governance has been an evil word for software developers, but new approaches unlock massive gains in productivity, reductions in cost, and improvements in quality.

DevSecOps: Better Software, Faster

By Derek Weeks on February 08, 2017 repository health check
1 in 16 open source and third-party components downloaded last year included a known vulnerability. That may not seem like too many until you realize the average company downloads well over 200,000

All Day DevOps: Practitioner-to-Practitioner

By Derek Weeks on October 30, 2016 Continuous Delivery
All Day DevOps will deliver 57 practitioner-led sessions over 15 hours and 15 time zones. No vendor pitches are allowed.

All Day DevOps Conference: Bringing DevOps to the World

By Derek Weeks on September 08, 2016 Continuous Delivery
November 15, 2016 will see the first truly global, online DevOps Conference: All Day DevOps. 15 hours, 15 time zones, 54 sessions, 3 keynotes.

Government Asks: What’s in Your Software?

Top performing development organizations embrace supply chain management best practices, including use of a Software Bill of Materials (BOM).

An Insider's View: Analyzing Software Supply Chains

The 2016 State of the Software Supply Chain report reveals the volume of open source component usage and quantifies the presence of known vulnerabilities.

Rugged DevOps: Survival is Not Mandatory

By Derek Weeks on January 25, 2016 Nexus solutions

Deming, the patron saint of DevOps, once advised, “It is not necessary to change. Survival is not mandatory.” To survive, application development teams are constantly pressured to deliver software


DevOps Leadership Series: Security at Velocity [Video]

By Derek Weeks on May 12, 2015 Software Supply Chain

If it does not fit, it does not get done. For many DevOps practices, application security falls into the “does not get done” bucket. That’s because for many DevOps-centric organizations, application


Should DevOps Account for Continuous Trust of Production Applications?

By Jessica Dodson on January 09, 2014 Application Security