Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

SHARE:

Sonatype_Blog_Logo_White
READ MORE

Unlocking the power of generative AI in software development: Insights from Sonatype's survey

By Aaron Linskens on September 12, 2023 Software Supply Chain

4 minute read time

Explore the influence of generative AI in software development via the results of Sonatype's recent survey involving 400 DevOps and 400 SecOps leaders
Read More...
READ MORE

npm manifest confusion – What is it and do you really need to worry about it?

By Ax Sharma on June 28, 2023 npm

4 minute read time

npm manifest confusion – what is it and do you really need to worry about it?
Read More...
READ MORE

PyPI attackers still at it: Malicious packages drop trojans and info-stealers

By Ax Sharma on June 22, 2023 vulnerability

3 minute read time

Sonatype's malicious open source and malware detection systems found hundreds of malicious PyPI packages.
Read More...
READ MORE

Sonatype named a leader in The Forrester Wave™ for software composition analysis

By Tara Flynn Condon on June 15, 2023 Forrester

3 minute read time

The Sonatype platform named a Leader in the 2023 Forrester Wave for SCA.
Read More...
Screen Shot of Gartner Application Security Testing Report
READ MORE

Sonatype named in the 2023 Gartner® Magic Quadrant™ for Application Security Testing

By Tara Flynn Condon on May 23, 2023 AppSec

4 minute read time

Sonatype is named to the 2023 Gartner Magic Quadrant for Application Security Testing (AST).
Read More...
READ MORE

Can the open source community save Europe from the Cyber Resilience Act?

By Jeff Wayman on April 27, 2023 thought leaders

7 minute read time

Examine the open source community's response to the EU Cyber Resilience Act, and its potential consequences for the future of innovation & collaboration.
Read More...
READ MORE

Explore a refreshed Sonatype Platform: New features, new product names

By Sonatype on April 25, 2023 featured

4 minute read time

Sonatype has new capabilities, improved security, and brand new product names. Learn more about the revamped Sonatype Platform.
Read More...
Claw grabber picking up a bad component
READ MORE

Protecting software developers from malware with AI/ML insights

By Mandeep Singh on April 20, 2023 featured

5 minute read time

Developer-targeted malware is a complex and difficult problem. A look at what tools and information are needed to reduce risk in your development pipeline.
Read More...
READ MORE

Malware Monthly - March 2023

12 minute read time

March 2023's Malware Monthly dives into a series of information stealers uploaded to the PyPI registry, the latest OpenAI data leak, and more.
Read More...