Securing software supply chains and dependency confusion — An industry perspective

By Derek Weeks on March 08, 2021 featured

29 minute read time

We sat down with experts from The Linux Foundation, Atlantic Council and Sonatype's own CTO to discuss recent software supply chain attacks, dependency.

The SolarWinds software supply chain attack: How developers can protect applications

By Derek Weeks on December 22, 2020 vulnerabilities

8 minute read time

The SolarWinds software supply chain attack has made it clear that open source developers need to act now and intelligently manage third-party dependencies to.

Gitpaste-12: A dozen exploits that silently lived on GitHub, attacked Linux servers

By Ax Sharma on November 08, 2020 github

5 minute read time

Gitpaste-12, a worming botnet, is extremely versatile in its advanced capabilities as it leverages trustworthy sites like GitHub and Pastebin to host itself.

Turkish banking agency mandates better software supply chain hygiene

4 minute read time

The Banking Regulation and Supervision Agency has introduced new standards to protect the Turkish citizenry and require banks to more aggressively protect.

NIST: Adopt a Secure Software Development Framework (SSDF) to mitigate risk of software vulnerabilities

2 minute read time

NIST recommends an SSDF framework to assess open source component cybersecurity risks, including an SBOM and automated security controls in the SDLC.

Managing Nexus API Using Jenkins X

By Steve Boardwell on March 13, 2020 jenkins

6 minute read time

Steve Boardwell demonstrates how to create custom repositories in your Jenkins X managed Nexus server, and what is possible with the Nexus scripting API.

Why Manual Verification Still Matters

By Peter Morlion on March 10, 2020 AppSec

4 minute read time

We continuously hear the benefits of automation. Jeroen Willemsen explains why we still need to perform manual checks.

“Each for Equal”: 2020 International Women’s Day Theme Resonates in DevSecOps Because It Is a Business Issue

By Katie McCaskey on March 06, 2020 women in devops

4 minute read time

Studies demonstrate a variety of immediate and ongoing business advantages accrued by gender diverse teams.