Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

Getting Your Security Program to Shift Left: Operationalizing Security Controls via DevSecOps

By Daniel Longest on May 21, 2020 shift left

3 minute read time

Map the automation opportunities into your software development lifecycle as part of coordinated strategies to shift security left.

Read More...

Why You Need a Software Bill of Materials More Than Ever

By Katie McCaskey on December 05, 2019 software bill of materials

5 minute read time

Enterprises need to know what open source components are in their software at all times. If you don't have a software bill of materials, you're already behind.

Read More...

Why Does Security Matter For DevOps?

By Derek Weeks on October 01, 2019 security

4 minute read time

Caroline Wong (@CarolineWMWong) explains why organizations that use DevOps are 2X more likely to succeed than peers.

Read More...

The Three R’s of Software Supply Chains: Reject, Replace, and Respond

By Curtis Yanko on September 09, 2019 devops best practices

7 minute read time

OWASP A9 has been around for over 6 years now. These three R's helps enterprise security manage their software supply chains: Reject, Replace, Respond.

Read More...

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

Getting Your Security Program to Shift Left: Operationalizing Security Controls via DevSecOps

Why You Need a Software Bill of Materials More Than Ever

Why Does Security Matter For DevOps?

The Three R’s of Software Supply Chains: Reject, Replace, and Respond

Secure your software supply chain

Subscribe for all the latest software security news and events