Sonatype Delivers Premium Open Source Controls to GitHub | Press Release

blog-logo Sonatype Blog

How to Easily Identify Conda Vulnerabilities Using Sonatype Jake

By Aditya Khanduri on February 20, 2020 Everything Open Source
Jake, a free tool, identifies vulnerabilities in a Conda environment. It's simple to use, saves time, and empowers you to develop Python projects faster.
Read More...

Gartner: The Crucial Role of OSS License Compliance

Gartner's SCA recommendations include deep understanding of OSS licensing. Operating without license compliance, intentionally or not, invites peril.
Read More...

“This is the New Op Model” - Why State Farm Sponsored ADDO, and the Results

By Katie McCaskey on November 20, 2019 devops best practices
4,000 developers from State Farm attended this year's All Day DevOps, sponsored by Sonatype. Why did they attend, and what did they get out of it?
Read More...

October is Cyber Security Awareness Month. Developers Are Some of Our Best Guardians.

By Katie McCaskey on October 21, 2019 PCI
As open source software grows, developers play a crucial role ensuring that cyber security threats are prevented, mitigated, and repaired.
Read More...

Anatomy of the RubyGems ‘rest-client’ hack, and getting creative about open source security

By Brian Fox on August 23, 2019 open source security
Last month, the RubyGems strong_password component was breached and injected with malicious code. This is only the latest example of bad actors attacking developers at the source.
Read More...

Activate Your Shield Against Open Source Invasions

By Katie McCaskey on August 09, 2019 open source management
Mike Van Doren, Sonatype Solution Architect, identifies the infinity stones that grant superpowers in the Nexus ecosystem.
Read More...

NIST Proposes Standards to Secure Government SDLC

NIST has proposed a set of standards to address the growing need for better software security. Public comment is open until August 5, 2019.
Read More...

Top 5 Tomcat Vulnerabilities

By Sylvia Fronczak on June 12, 2019 vulnerability
If you spend time monitoring and patching OSS projects, you know Tomcat has some vulnerabilities. Today, Tomitribe walked us through 5 of those vulnerabilities.
Read More...

Malicious Attacks On Open Source Are Going to Get Worse: Developers Need to Take Notice

By Sonal Thawani on April 19, 2019 vulnerability
Bad actors have recognized the power of open source and are now beginning to create their own attack opportunities. This new form of assault, allowing hackers to poison the well, is going to get
Read More...