Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

SHARE:

Sonatype_Blog_Logo_White
READ MORE

DevOps pioneers navigate organizational transformation

By Aaron Linskens on April 18, 2024 Devops

4 minute read time

Read about Sonatype’s DevOps Download webinar with Gene Kim who discusses how DevOps pioneers are catalyzing significant shifts within organizations
Read More...
READ MORE

How to safeguard your software supply chain

By Keiana King on March 15, 2024 Software Supply Chain

3 minute read time

Sonatype CTO Brian Fox and Forrester Senior Analyst Janet Worthington discuss securing your organization's software supply chain.
Read More...
READ MORE

NVD overload: Unveiling a hidden crisis in vulnerability management

By Aaron Linskens on March 15, 2024 vulnerabilities

5 minute read time

Learn about a critical yet underreported issue in the National Vulnerability Database (NVD) that could have global impact for cybersecurity infrastructure
Read More...
A structure of blocks being stacked up
READ MORE

Perception versus reality: A data-driven look at open source risk management

By Luke Mcbride on November 11, 2022 vulnerability

2 minute read time

Get insights, background, and data and key takeaways from the 8th Annual State of the Software Supply Chain report. Hosted by Dr. Stephen Magill.
Read More...
Woman interacting with a floating display
READ MORE

Open source best practices for higher quality code to fundamentally strengthen your project

By Aaron Linskens on November 09, 2022 Open Source

8 minute read time

A look at some basic practices for higher quality code to help fundamentally strengthen your project.
Read More...
READ MORE

14 All Day DevOps (ADDO) sessions you won’t want to miss

By Sonatype on November 01, 2022 News

2 minute read time

ADDO returns on November 10, 2022. There are 180 speakers covering six different tracks, but these 14 sessions are ones you won't want to miss.
Read More...
READ MORE

Webinar recap: Best practices for managing (and supercharging) your software supply chain

By Sonatype on October 28, 2022 Forrester

1 minute read time

Sonatype and Forrester talk the latest research related to software supply chain management and provide insights on best practices from DevSecOps leaders.
Read More...
READ MORE

An open source maintainer's best practice: How to use SBOMs to root out project vulnerabilities

By Aaron Linskens on October 25, 2022 Open Source

6 minute read time

The second entry in Sonatype's series for Security Slam explores how your project can benefit from the use of a software bill of materials (SBOM).
Read More...
READ MORE

Open source best practices: Key documents to help welcome new contributors to your project

By Aaron Linskens on October 17, 2022 Open Source

5 minute read time

This series of blog posts on best practices for open source maintainers was created in partnership with CNCF for Sonatype's Security Slam event.
Read More...