Sonatype Selected by Equifax to Support OS Governance Press Release

blog-logo Sonatype Blog

Developers, Rejoice: Auto-Remediation Now Available in Eclipse, IntelliJ, and Visual Studio

By Sonal Thawani on July 08, 2019 Nexus Lifecycle
Auto-remediation makes it even easier to choose the best component right within an IDE. The CIP now automatically suggests the compliant version.
Read More...

New Cloud-Native CI/CD Projects OpenShift Pipelines and Tekton

By Katie McCaskey on July 01, 2019 devsecops
Siamak Sadeghianfar of RedHat explains how the open source projects Tekton and OpenShift support cloud-native CI/CD projects.
Read More...

Developers: We Must Evolve

By Derek Weeks on June 28, 2019 Devops
Chris Roberts of Attivo Networks sees many trends colliding that will require developers to adopt DevSecOps practices - now!
Read More...

New in Repo - Repository Routing Helps Protect Against Dependency Hijacking Attacks

By Sable Yemane on June 26, 2019 Nexus Repository
How to create a repository routing rule to prevent developers from pulling a private package from a public repository. Company Pied Piper as an example.
Read More...

What 36,000 OSS Projects and 12,000 Commercial Dev Teams Taught Us About Secure Coding Practices

By Derek Weeks on June 25, 2019 Software Supply Chain
Our 2019 State of the Software Supply Chain Report Reveals Best Practices From 36,000 OSS Dev Teams and 12,000 commercial software engineering teams.
Read More...

Achieving a Managed State Model For Your Software Supply Chain

Secure software development processes share attributes with other human endeavors such as cooking, reading, and sports, says Santi Mulukutla of Sonatype.
Read More...

DevSecOps: Security at the Speed of DevOps

By Katie McCaskey on June 18, 2019 devsecops
Larry Maccherone of Comcast shares his DevSecOps Manifesto and strategies he's used to foster the cultural change necessary to implement DevSecOps.
Read More...

DevOps Culture: The Neuroscience of Behavior

By Katie McCaskey on June 18, 2019 devsecops
Helen Beal of Ranger4 takes a look at how the brain works, and what that means for cultural transformation. This is your brain on DevOps.
Read More...

OSS for Enterprise: Procure Secure Components Faster & Manage Risk Better

By Carlos Schults on June 12, 2019 Nexus Lifecycle
The CI ecosystem is large and complex, especially at a company like Discover. Sheshagiri Rao shared personal insight into how to manage risk at a company where the stakes are high, using Nexus.
Read More...