
Sonatype Blog

Your Guide to AppSec Tools: SAST or SCA?

By Alyssa Shames on April 16, 2020 AppSec
Software composition analysis speeds time to innovation by automating manual open source governance processes that are prone to errors.

Gartner: You Must Assess Overall Software Health and Welfare

By Katie McCaskey on February 24, 2020 Gartner
Gartner reports that mature organizations are expanding open-source management to include health assessment by default.

Gartner: The Crucial Role of OSS License Compliance

Gartner's SCA recommendations include deep understanding of OSS licensing. Operating without license compliance, intentionally or not, invites peril.

Gartner: Mitigate Risk By Hardening the Software Supply Chain

By Katie McCaskey on December 12, 2019 Sonatype Nexus
As Gartner explains, a hardened software supply chain is key to mitigating open source risk. But where do you start?

Why You Need a Software Bill of Materials More Than Ever

By Katie McCaskey on December 05, 2019 software bill of materials
Enterprises need to know what open source components are in their software at all times. If you don't have a software bill of materials, you're already behind.

Gartner Goes Development-Centric

By Derek Weeks on September 11, 2014 Sonatype Says

Recently, Gartner published a new research report that says by 2016, “the vast majority of mainstream IT organizations will leverage nontrivial elements of open source software (directly or

What's Happening in the Land of Open Source Components

By Derek Weeks on November 27, 2013 PCI

We continue to see exponential growth in requests from the Central Repository. In fact, there were 8 Billion requests in 2012 - and it is looking like this year will total up to 13 Billion

12 Takeaways from Gartner Security & Risk Management Summit

By Derek Weeks on June 21, 2013 Sonatype Says

IT Supply Chain - Will Yours be Compromised?

By Derek Weeks on October 29, 2012 Sonatype Says