Going Online With the OWASP Vulnerability Management Guide Working Group

6 minute read time

The OWASP Vulnerability Management Guide (OVMG) project seeks to simplify vulnerability management into repeatable and scalable cycles.

Wicked Good Development Episode 25: The Struggle With Open Source Licensing

By Kadi Grigg on January 20, 2023 licensing

25 minute read time

Filipp Kofman and Adam Such talk best practices for handling open source licensing and how beneficial it can be for managing dependencies.

Intro to Malware Analysis: Analyzing Python Malware

By Juan Aguirre on January 19, 2023 Nexus Firewall

11 minute read time

Understanding malware analysis and the process of researching security vulnerabilities is the first step toward implementing best practices.

Malware Monthly - December 2022

10 minute read time

Sonatype's Malware Monthly brings you the latest information on malicious and suspicious packages discovered in software registries.

Best Practices in Dependency Management: Cooking a Meal of Gourmet Code

5 minute read time

On average, close to 85% of an application's code is open source. Better understanding your software supply chain starts with understanding dependency management.

PyTorch Namespace (Dependency) Confusion Attack

By Ilkka Turunen on January 04, 2023 News

4 minute read time

During the 2022 holiday season, a dependency confusion attack targeted PyTorch. Here's what users of PyTorch nightly builds need to know.
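The teaser above does not explain the mechanism, so here is an added example (not code from the original post or from the PyTorch project) of how dependency confusion arises when a package manager is configured with both a private and a public index and simply takes the highest version it can find, regardless of which index supplied it. The package names, version numbers and index contents are constructed for illustration and do not correspond to any real packages; the resolver mimics the behaviour of pip's `--extra-index-url` (all indexes are equal, highest version wins) and the `allowed_sources` pin models the mitigation of constraining internal names to the internal index.

```python
"""Simulate candidate selection across two package indexes to show where
dependency confusion comes from, and flag names that are at risk.

Added example with constructed data; none of these packages or versions
are real, and this is not pip's implementation, only a model of how it
picks the highest version from the union of all configured indexes.
"""

from typing import Dict, List, Optional, Set, Tuple

# Constructed sample indexes: package name -> available versions.
# "private" stands for an organisation's internal index; "public" for PyPI.
PRIVATE_INDEX: Dict[str, List[str]] = {
    "acme-core": ["1.4.0", "1.5.0"],
    "acme-utils": ["0.9.2"],
    "acme-ml-helper": ["2.0.0"],
}
PUBLIC_INDEX: Dict[str, List[str]] = {
    "requests": ["2.28.2"],
    "acme-utils": ["99.0.0"],      # attacker-registered clone of an internal name
    "acme-ml-helper": ["1.0.0"],   # public name exists but is older; harmless today
}
INDEXES = {"private": PRIVATE_INDEX, "public": PUBLIC_INDEX}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted version string into a comparable tuple, e.g. '1.5.0' -> (1, 5, 0)."""
    return tuple(int(part) for part in version.split("."))


def resolve(
    name: str,
    indexes: Dict[str, Dict[str, List[str]]],
    allowed_sources: Optional[Set[str]] = None,
) -> Optional[Tuple[str, str]]:
    """Pick the version that would be installed for `name`.

    With allowed_sources=None every index is equal and the highest version
    wins, which is the behaviour that makes dependency confusion work.
    Passing allowed_sources={"private"} models pinning an internal name to
    the internal index so a higher public version is never considered.
    Returns (version, index_name) or None if no index has the package.
    """
    candidates = []
    for index_name, index in indexes.items():
        if allowed_sources is not None and index_name not in allowed_sources:
            continue
        for version in index.get(name, []):
            candidates.append((parse_version(version), version, index_name))
    if not candidates:
        return None
    candidates.sort()
    _, version, source = candidates[-1]
    return version, source


def find_confusable(
    private: Dict[str, List[str]], public: Dict[str, List[str]]
) -> Dict[str, Dict[str, str]]:
    """Report internal names that also exist publicly with a higher version.

    These are exactly the names an unconstrained resolver would fetch from
    the public index instead of the internal one.
    """
    findings = {}
    for name, versions in private.items():
        if name not in public:
            continue
        private_max = max(versions, key=parse_version)
        public_max = max(public[name], key=parse_version)
        if parse_version(public_max) > parse_version(private_max):
            findings[name] = {"private": private_max, "public": public_max}
    return findings


if __name__ == "__main__":
    for pkg in ("acme-core", "acme-utils", "acme-ml-helper", "requests"):
        print(pkg, "->", resolve(pkg, INDEXES))
    print("at risk:", find_confusable(PRIVATE_INDEX, PUBLIC_INDEX))
    print("pinned:", resolve("acme-utils", INDEXES, allowed_sources={"private"}))
```

Running the block shows `acme-utils` resolving to `99.0.0` from the public index, while `acme-ml-helper` still resolves privately only because the public copy happens to be older; `find_confusable` flags the former, and the same check run against a real private index and a real public registry is the audit a team would want to perform before an attacker registers the name first.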

SCA and SAST: What Do They Do and How Can They Help Developers Like You?

By Theresa Mammarella on January 03, 2023 AppSec

5 minute read time

SCA and SAST tools help DevSecOps teams and application developers work together to identify vulnerabilities and improve security.

PGP vs. sigstore: A Recap of the Match at Maven Central

7 minute read time

We put code-signing tools PGP and sigstore in a head-to-head match with Maven Central users to find a winner. The results may surprise you.

Caroling Through the Season: The Sounds of the 4shells

8 minute read time

As 2022 wraps up, we wanted to take a moment not only to reflect on Log4j but also on the other two “4shell” vulnerabilities that were disclosed.