
Sonatype Blog

Malicious Attacks On Open Source Are Going to Get Worse; Developers Need to Take Notice

By Sonal Thawani on April 19, 2019 vulnerability
Bad actors have recognized the power of open source and are now beginning to create their own attack opportunities. This new form of assault, allowing hackers to poison the well, is going to get

Software Composition Analysis: A Matter of Perspective (and Experience)

The SCA market is young - leaving everyone wrestling with a critical question: is it a security-centric, developer-centric, or a legal-centric endeavor? At Sonatype, we believe it's all of the above.

40 DevSecOps Reference Architectures To Learn From

By Janie Gelfond on April 04, 2019 devsecops
Scaling DevSecOps is no easy feat. There are so many ways to automate security across the SDLC that it can quickly become overwhelming. That's why we created DevSecOps Reference Architecture

Fannie Mae: Scaling the DevOps Enterprise

By Derek Weeks on April 02, 2019 devsecops
Fannie Mae has $100 B in annual revenue, over 7,200 employees, 468 applications and 1,200 software assets. Combine all of that with their unique role of being a government-sponsored, public entity -

Nexus Intelligence Insights: CVE-2014-3483 - SQL Injection in PostgreSQL adapter for Active Record against 'range' data type

By Elisa Velarde on March 29, 2019 vulnerability
In this month's Nexus Intelligence Insights we discuss an older component that is used by millions of developers. Say hello to CVE-2014-3483, a SQL injection vulnerability.

A Point of Inspiration

By Santi Mulukutla on March 27, 2019 featured
Santi Mulukutla, a Sonatype CSE, shares how she found a point of inspiration from Cynthia Danaher who remained true to her spirit and balanced the technical emphasis needed in STEM with a humanistic

Why You Need DevSecOps and Artifact Repositories

By Derek Weeks on March 26, 2019 artifact repository
In her talk at the 2018 Nexus User Conference, Helen Beal, DevOpsologist at Ranger 4, discusses artifact repositories and their role in the DevSecOps toolchain

Sonatype and HackerOne eliminate the pain of reporting open source software vulnerabilities

By Bruce Mayhew on March 21, 2019 Everything Open Source
Sonatype has teamed up with HackerOne to build The Central Security Project, a pioneering program that brings together the ethical hacker and open source communities to streamline the process for

2019 Nexus User Conference: CFP Now Open

By Janie Gelfond on March 19, 2019 Nexus User Conference
The second annual Nexus User Conference is on June 12. Submit to speak today.