Featured Article

Introducing Our 8th Annual State of the Software Supply Chain Report

By Stephen Magill on October 18, 2022 State of the Software Supply Chain

Announcing the arrival of our 8th Annual State of the Software Supply Chain Report looking at managing open source security, industry trends, and more.

Read More

Major Government Attack Highlights How Log4j is Still Unresolved

By Luke Mcbride on March 11, 2022 vulnerabilities

4 minute read time

Despite all the attention and effort so far this year, this open source vulnerability found a it’s first major victim in multiple U.S. State governments.

Read More...

Image of the White House to represent President Biden's 2021 Cybersecurity Executive Order

What Does NIST’s Definition of Critical Software Mean to You?

By Matt Howard on June 28, 2021 government

3 minute read time

NIST's definition of Critical Software in relation to the 2021 Cybersecurity Executive Order may seem broad, but its immediate implementation is limited.

Read More...

image of notebook with checkmarks representing software bill of materials

SBOM – From the Idea of Transparency to the Reality of Code

By Mark Henke on June 24, 2021 software bill of materials

4 minute read time

Allan Friedman from the NTIA has been working on SBOM standards in government and industry, for years. He spoke at ELEVATE 2021 about their status and future.

Read More...

Katie Arrington discusses making development move at the speed of relevance

By Ryan Schradin on September 14, 2020 government

2 minute read time

Katie Arrington, CISO for the Office of the Under Secretary of Defense for Acquisition, recently discussed DevSecOps in the federal government and how the DoD is tackling key issues.

Read More...

NIST: Adopt a Secure Software Development Framework (SSDF) to Mitigate Risk of Software Vulnerabilities

By Jason Green on June 11, 2020 government open source software (GOSS)

2 minute read time

NIST recommends a SSDF framework to assess open source component cybersecurity risks, including an SBOM and automated security controls in the SDLC.

Read More...

Six Memorable Sessions With Government DevSecOp Leaders: What We Learned

By Jason Green on May 07, 2020 Cybersecurity

4 minute read time

Chris Roberts, Ron Ross, Katie Arrington, Nicolas Chaillan, and Lauren Knausenberger join Sonatype leadership to discuss security trends in the government.

Read More...

Federal DevSecOps Leaders: It's Time to Join The Conversation

By April Downey on April 10, 2020 government open source software (GOSS)

3 minute read time

The DevSecOps Government Leadership Forum, typically hosted in Washington, D.C., will be hosted online so government leaders everywhere can participate.

Read More...

Department of Defense DevSecOps Journey

By Sylvia Fronczak on March 30, 2020 government

3 minute read time

The DevSecOps stack is open source and open to the public. Everything is infrastructure as code and can run on any environment, leveraging Kubernetes.

Read More...

Top 6 Reasons the Time is Now for DevSecOps in the Federal Government

By Jason Green on March 25, 2020 Cybersecurity

2 minute read time

By playing better offense at the beginning of the digital supply chain, federal agencies can better protect themselves and the American citizenry.

Read More...

Software composition analysis

Container Security

CODE QUALITY ANALYSIS

Repository MANAGEMENT

Complete Platform

Book a Demo

For Professionals

For Industries

Content

CUSTOMER Portal

Integrations & Free Tools

About us

Contact Us

Sonatype Blog

Introducing Our 8th Annual State of the Software Supply Chain Report

Major Government Attack Highlights How Log4j is Still Unresolved

What Does NIST’s Definition of Critical Software Mean to You?

SBOM – From the Idea of Transparency to the Reality of Code

Katie Arrington discusses making development move at the speed of relevance

NIST: Adopt a Secure Software Development Framework (SSDF) to Mitigate Risk of Software Vulnerabilities

Six Memorable Sessions With Government DevSecOp Leaders: What We Learned

Federal DevSecOps Leaders: It's Time to Join The Conversation

Department of Defense DevSecOps Journey

Top 6 Reasons the Time is Now for DevSecOps in the Federal Government

Products

Free Tools

Solutions

Resources

Customer Portal

Company