Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

SHARE:

Sonatype_Blog_Logo_White
image of notebook with checkmarks representing software bill of materials
READ MORE

SBOM – From the idea of transparency to the reality of code

4 minute read time

Allan Friedman from the NTIA has been working on SBOM standards in government and industry, for years. He spoke at ELEVATE 2021 about their status and future.
Read More...
READ MORE

Katie Arrington discusses making development move at the speed of relevance

By Ryan Schradin on September 14, 2020 government

3 minute read time

Katie Arrington, CISO for the Office of the Under Secretary of Defense for Acquisition, recently discussed DevSecOps in the federal government and how the DoD is tackling key issues.
Read More...
GettyImages-915625448
READ MORE

Improving DevSecOps at the GSA

By Derek Weeks on September 05, 2019 government

2 minute read time

The General Service Administration shares how it adopted devops practices interagency in this presentation, Getting There: The Journey to Government DevOps.
Read More...
GettyImages-1137632555
READ MORE

Continuous Authorization with DevSecOps

By Katie McCaskey on August 06, 2019 devsecops

3 minute read time

Continuous Authentication is a dynamic process that examines attributes that change and continually validates them. Hasan Yasar explains the DevSecOps fit.
Read More...
DevOps-in-government
READ MORE

DevOps at the US Patent and Trademark Office

By Katie McCaskey on July 18, 2019 devsecops

4 minute read time

The US Patent and Trademark Office's Fee Processing Next Generation (FPNG) is an example of a government agency moving to a devops development environment.
Read More...
GettyImages-1073609342
READ MORE

Alexa: What’s the Future of Cyber Security?

By Katie McCaskey on May 02, 2019 devsecops

5 minute read time

The software supply chain connects everyone and everything but attacks to this connected web can be blatant and overt, with damaging consequences - especially.
Read More...
GettyImages-922733518
READ MORE

From 0 to Accredited in 23 Days

By Derek Weeks on April 22, 2019 devops tools

2 minute read time

DevSecOps in Government - What if there was a way to go from 0 to accredited in 23 days? Leonel Garciga from the DoD’s Joint Improvised Threat Defeat.
Read More...
GettyImages-529769841
READ MORE

The Weakest Link Might be Your Supply Chain: Just Ask The Pentagon

By Matt Howard on August 13, 2018 devsecops

2 minute read time

Whether you’re talking about software applications, or national security, there is an imminent need to better understand who you’re doing business with, and.
Read More...
Thoughts on Security
READ MORE

Thoughts on Security in the Modern Software Supply Chain [Podcast Interview]

By Mark Miller on January 15, 2018 OWASP

1 minute read time

A conversations about government vs public software security, the OWASP Top 10 and common security patterns in large scale projects.
Read More...