Sonatype Blog

Larry Maccherone Says Pixie Dust Security is an Epic Failure [VIDEO]

By Mark Miller on February 18, 2020 AppSec
A fundamental DevSecOps failure, according to Comcast's Larry Maccherone, is believing that a sprinkle of pixie dust makes a completed application secure.

Get the Latest DevSecOps Reference Architecture

By DJ Schleen on February 13, 2020 reference architecture
Based on community feedback the 2020 DevSecOps Reference Architecture now includes continuous education, mobile delivery, and rearrangement of controls.

Anatomy of a Continuous Delivery Pipeline

By Peter Morlion on February 04, 2020 continuous deployment
Kamalika Majumder explains the anatomy of a continuous delivery pipeline, its benefits, and five key principles to shape and refine it.

Three DevSecOps Lessons Drawn from Conversations with 45 CISOs

By Matt Howard on January 29, 2020 CISO
CISOs reduce risk and significantly improve an organization's IT security posture by shifting more resources to the beginning of the digital supply chain.

Nexus Intelligence Insights: Sonatype-2020-0003 - npm malicious package 1337qq-js

By Elisa Velarde on January 15, 2020 vulnerabilities
In this month's Nexus Intelligence Insights, we cover Sonatype-2020-0003: npm malicious package 1337qq-js. Here's why it made noise but had no impact.

Shifting Security Left: The Innovation of DevSecOps

By Sylvia Fronczak on January 02, 2020 shift left
DevSecOps is a cultural shift that reinforces the mindset that everyone is responsible for security. Here's why this idea is so innovative and productive.

Why You Need a Software Bill of Materials More Than Ever

By Katie McCaskey on December 05, 2019 software bill of materials
Enterprises need to know what open source components are in their software at all times. If you don't have a software bill of materials, you're already behind.

5 Ways Your Organization Benefits from DevSecOps

By Akshay 'Ax' Sharma on November 14, 2019 devsecops
It's important to understand why DevSecOps matters in this day and age of security breaches and what the pragmatic benefits are for your organization.

Sonatype Partners with All Day DevOps to Deliver the Largest DevOps Conference for 36,000

By Derek Weeks on November 05, 2019 DevOps Culture
In conjunction with All Day DevOps, Sonatype helps to educate more than 36,000 IT professionals. Join us on Nov. 6.