Best Practices in Dependency Management: Cooking a Meal of Gourmet Code

5 minute read time

Close to 85% of the code in a typical application is open source. Better understanding your software supply chain starts with understanding dependency management.

SCA and SAST: What Do They Do and How Can They Help Developers Like You?

By Theresa Mammarella on January 03, 2023 AppSec

5 minute read time

SCA and SAST tools help DevSecOps teams and application developers work together to identify vulnerabilities and improve security.

How does Developer Morale Affect My Software Supply Chain?

By Luke Mcbride on January 03, 2023 survey

4 minute read time

Your place in the software supply chain has a lot to do with your development staff. A look at Sonatype data on developer state-of-mind and performance.

PGP vs. sigstore: A Recap of the Match at Maven Central

7 minute read time

We put code-signing tools PGP and sigstore in a head-to-head match with Maven Central users to find a winner. The results may surprise you.

What do Log4Shell and a Global Pandemic Have in Common?

By Theresa Mammarella on November 15, 2022 AppSec

4 minute read time

A look at development through the lens of weddings, including long-term planning, contingencies, and disasters. A video talk from this year's DEVOXX.

HID Global's Three Pillars of Operational Security

By Karin Althaus on June 15, 2022 Application Security

5 minute read time

The foundations of security at HID Global are a balanced set of tools, policies, and expertise. A look back at a DevSecOps Leadership Forum talk in Paris.

What Constitutes a Software Supply Chain Attack?

By Ax Sharma on August 03, 2021 vulnerabilities

6 minute read time

ENISA feels the term "software supply chain attack" is overused, so what does constitute a supply chain attack?

Effective Tools for Software Composition Analysis

By IT Central Station on July 14, 2021 Nexus Lifecycle

4 minute read time

Better developer tools for the software supply chain mean a faster, more effective team. Sonatype customers share the tools that help them move faster and with less risk.

Breaking Organizational Silos for Better Application Security

By Phil Vuollet on July 08, 2021 AppSec

3 minute read time

Security depends on collaboration and communication. Our recent Elevate talk breaks down the pillars and structure of organizational silos and offers suggestions for breaking them down.