Sonatype Blog

DevSecOps for a Dollar or Less

By Derek Weeks on October 07, 2019 OWASP
The DevSecOps Maturity Model (DSOMM) helps you analyze your organization's development pipeline to see where you need to improve.

DevOps and Opportunities in Software Supply Chain Governance

By Wayne Jackson on February 09, 2017 open source governance
Governance has been an evil word for software developers, but new approaches unlock massive gains in productivity, reductions in cost, and improvements in quality.

DevSecOps: Better Software, Faster

By Derek Weeks on February 08, 2017 repository health check
1 in 16 open source and third-party components downloaded last year included a known vulnerability. That may not seem like too many until you realize the average company downloads well over 200,000

All Day DevOps: Practitioner-to-Practitioner

By Derek Weeks on October 30, 2016 Continuous Delivery
All Day DevOps will deliver 57 practitioner-led sessions over 15 hours and 15 time zones. No vendor pitches are allowed.

All Day DevOps Conference: Bringing DevOps to the World

By Derek Weeks on September 08, 2016 Continuous Delivery
November 15, 2016 will see the first truly global, online DevOps Conference: All Day DevOps. 15 hours, 15 time zones, 54 sessions, 3 keynotes.

Government Asks: What’s in Your Software?

Top performing development organizations embrace supply chain management best practices, including use of a Software Bill of Materials (BOM).

An Insider's View: Analyzing Software Supply Chains

The 2016 State of the Software Supply Chain Report reveals the volume of open source component usage and quantifies the presence of known vulnerabilities.

Rugged DevOps: Survival is Not Mandatory

By Derek Weeks on January 25, 2016 Nexus solutions

Deming, the patron saint of DevOps, once advised, “It is not necessary to change. Survival is not mandatory.” To survive, application development teams are constantly pressured to deliver software

DevOps Leadership Series: Security at Velocity [Video]

By Derek Weeks on May 12, 2015 Software Supply Chain

If it does not fit, it does not get done. For many DevOps practices, application security falls into the “does not get done” bucket. That’s because for many DevOps-centric organizations, application