The Top 5 trends every DevOps leader needs to know for 2024

By Aaron Linskens on December 07, 2023 Development strategy

3 minute read time

Five key predictions shaping the future of software development with insights to empower DevOps leads in navigating the evolving development landscape

The Top 5 trends every CISO needs to know for 2024

By Nicole Lavella on December 07, 2023 CISO

3 minute read time

Five key predictions shaping the future of software development with insights to empower CISOs in navigating the evolving development landscape

What goes great with SLSA? Sonatype.

By Jeff Wayman on December 06, 2023 Software Supply Chain

6 minute read time

Learn about seamless compatibility between SLSA and Sonatype products, highlighting the powerful synergy that can enhance your software security efforts

How can SLSA help secure your software supply chain?

By Jeff Wayman on December 05, 2023 Software Supply Chain

5 minute read time

Learn how Supply-chain Levels for Software Artifacts (SLSA) can help secure your software supply chain and provide a safer software development environment

DevSecOps: A beginner's guide

By Aaron Linskens on December 04, 2023 shift left

6 minute read time

Explore the fundamentals of DevSecOps, its principles, practices, and the shift it represents in security within the software development life cycle

The history of Maven Central and Sonatype: A journey from past to present

By Aaron Linskens on November 14, 2023 Software Supply Chain

11 minute read time

Explore the evolution of Maven Central, highlighting its crucial role in the Java ecosystem and software development overall and its connection to Sonatype

SAST vs. DAST: Enhancing application security

By Aaron Linskens on September 21, 2023 DAST

7 minute read time

Explore the advantages and limits of static application security testing (SAST) and dynamic application security testing (DAST) in application security

npm packages caught exfiltrating Kubernetes config, SSH keys

By Ax Sharma on September 19, 2023 npm

4 minute read time

Sonatype tracks an ongoing campaign that uses npm packages to retrieve and exfiltrate Kubernetes configuration and SSH keys to an external server

New npm PoC packages target PayPal Zettle, Airbnb developers

By Ax Sharma on September 12, 2023 npm

4 minute read time

Sonatype identified npm packages that exploit dependency confusion, named after internal dependencies purportedly used by PayPal Zettle and Airbnb