The 2020 State of the Software Supply Chain Report is available!

Study Shows High-Performance Dev Teams Fix OSS Vulns 26x Faster | Press Release

blog-logo Sonatype Blog

Katie Arrington discusses making development move at the speed of relevance

By Ryan Schradin on September 14, 2020 government
Katie Arrington, CISO for the Office of the Under Secretary of Defense for Acquisition, recently discussed DevSecOps in the federal government and how the DoD is tackling key issues.
Read More...

Sonatype CEO on The Future of the Software Supply Chain

Sonatype's CEO Wayne Jackson talked about Maven, the software supply chain, and speed vs. security no longer being at odds, at the 2020 Nexus User Conference.
Read More...

How to Use Gitlab-CI with Nexus

By Sudipt Sharma on August 14, 2019 Nexus Repository
Sudipt Sharma demonstrates how to establish a CI/CD pipeline using gitlab-ci and deploying artifacts to Nexus Repository.
Read More...

Getting Started With Sonatype DepShield: An Introduction

By Casey Dunham on May 06, 2019 github
Sonatype’s GitHub application DepShield scans your GitHub repository and analyzes dependencies for known vulnerabilities. The best part is that it’s free!
Read More...

Build Better Component Practices: Crawl. Walk. Run.

By Sylvia Fronczak on November 06, 2018 component governance
Whether you're just getting started or attempting to take the next step in improving your organization's open source processes, there are lessons you can learn. Sonatype's lead customer success
Read More...

How to Deploy a Jenkins Cluster on AWS as Part of a Fully Automate CI/CD Platform

By Mohamed Labouardy on November 05, 2018 jenkins
Following his Nexus User Conference talk on how to build a fully automated CI/CD platform on AWS, using Terraform, Packer & Ansible, Mohamed Labouardy goes even deeper, discussing how to deploy a
Read More...

Dirty Rivers Flow Downstream, Leading to Dirty Reservoirs

By Sylvia Fronczak on November 02, 2018 devsecops
A reservoir is created by rivers and streams that flow into it. What if one of those rivers is polluted? It pollutes the whole thing. Similarly, in software, if we add dependencies that are
Read More...

The Key to Enterprises Remaining Competitive Is Safe Open Source

By Erik Dietrich on October 30, 2018 Enterprise DevOps
Enterprises Need Open Source, And Everyone Needs Security. The Only Way Forward Lies in Responsible, Vetted Open Source Governance.
Read More...

9 Top DevOps Conferences — A Developer's Picks

By Dave Farinelli on October 02, 2018 DevOps Days
With so many excellent DevOps conferences in the market, sometimes it's hard to choose what to attend. Here's the top 9 DevOps conference developer Dave Farinelli suggests looking into.
Read More...