Sonatype Blog

What 36,000 OSS Projects and 12,000 Commercial Dev Teams Taught Us About Secure Coding Practices

By Derek Weeks on June 25, 2019 Software Supply Chain
Our 2019 State of the Software Supply Chain Report Reveals Best Practices From 36,000 OSS Dev Teams and 12,000 commercial software engineering teams.

DevOps Culture: The Neuroscience of Behavior

By Katie McCaskey on June 18, 2019 devsecops
Helen Beal of Ranger4 takes a look at how the brain works, and what that means for cultural transformation. This is your brain on DevOps.

OSS Endgame: Nexus Firewall as Your Shield Against Open Source Invasions

By Erik Dietrich on June 12, 2019 Nexus Firewall
Put simply, Nexus Firewall enables the heroes. Mike Van Doren walked through how to get started using it at the 2019 Nexus User Conference.

Maturing DevOps in TD Bank

By Erik Dietrich on June 12, 2019 Devops
TD Bank has big global growth goals, but is also working toward a huge digital transformation. This combo has driven the need for organizational change toward DevOps. TD Bank shared their story at

Containers Are Just Another Piece of the Puzzle - Protect Them To Secure Your Business

By Erik Dietrich on June 12, 2019 devsecops
Saying "let's start using containers" isn't a solution. It's just a piece of a much larger puzzle. At the 2019 Nexus User Conference, ABN AMRO shared how you should start to tackle it.

Malicious Code Injection Strikes Again as npm Foils $13M Cryptocurrency Theft

By Derek Weeks on June 07, 2019 vulnerabilities
The latest attempt at a cryptocurrency heist demonstrates how open source software components are used throughout the cryptocurrency ecosystem.

What is the Definition of DevOps?

By Ember DeBoer on June 06, 2019 devops best practices
DevOps is more than a combination of two words. But what is it, exactly? This post dispels some of the common misconceptions around DevOps.

Nexus Intelligence Insights - CVE-2018-14721 - jackson-databind remote code execution

By Elisa Velarde on May 31, 2019 vulnerabilities
We're demystifying the jackson-databind and block polymorphic deserialization (CVE-2018-14721), which is vulnerable to Remote Code Execution.

Disrupt Yourself or Be Disrupted

You must continuously innovate to remain competitive. Researcher David Robinson has some tips to guide your experiments and harness new ideas.