How to Convert Your SBOM Between SPDX and CycloneDX Formats

7 minute read time

A step-by-step guide on how to convert between SBOM formats using tooling from the official repositories of SPDX and CycloneDX.

Post-Conference Tech Spec: Why Building Your Ship (Application) with Raw Materials is a Bad Idea

12 minute read time

Get all the details of the presentation that Jamie Coleman, Developer Advocate on Sonatype’s Developer Relations team, gave at Voxxed Days Zurich 2023.

Best Practices in Dependency Management: Cooking a Meal of Gourmet Code

5 minute read time

Close to 85% of every application is open source software. Better understanding your software supply chain starts with understanding dependency management.

SCA and SAST: What Do They Do and How Can They Help Developers Like You?

By Theresa Mammarella on January 03, 2023 AppSec

5 minute read time

SCA and SAST tools help DevSecOps teams and application developers work together to identify vulnerabilities and improve security.

How does Developer Morale Affect My Software Supply Chain?

By Luke Mcbride on January 03, 2023 survey

4 minute read time

Your place in the software supply chain has a lot to do with your development staff. A look at Sonatype data on developer state-of-mind and performance.

PGP vs. sigstore: A Recap of the Match at Maven Central

7 minute read time

We put code-signing tools PGP and sigstore in a head-to-head match with Maven Central users to find a winner. The results may surprise you.

What do Log4Shell and a Global Pandemic Have in Common?

By Theresa Mammarella on November 15, 2022 AppSec

4 minute read time

A look at development through the lens of weddings, including long-term planning, contingencies, and disasters. A video talk from this year's DEVOXX.

HID Global's Three Pillars of Operational Security

By Karin Althaus on June 15, 2022 Application Security

5 minute read time

The foundations of security at HID Global are a balanced set of tools, policies, and expertise. A look back at a DevSecOps Leadership Forum talk in Paris.

What Constitutes a Software Supply Chain Attack?

By Ax Sharma on August 03, 2021 vulnerabilities

6 minute read time

ENISA feels the term software supply chain attack is overused, so what does constitute a supply chain attack?