Beyond npm Audit to Traverse an Increasingly Complex Dependency Tree

By Mike Hoskins on March 04, 2020 npm

5 minute read time

Building good hygiene habits as part of our development practice helps the community at large. Here's how to use Nexus Repository OSS as part of it.

Most common security acronyms explained

By DJ Schleen on March 02, 2020 security

8 minute read time

SAST, DAST, CSA, OSSM, SCA? What do these acronyms mean, what exactly do they do, and why does it matter?

For Distributed Teams, It’s Not All About the Tools

By Mark Kilby on February 26, 2020 Teamwork

4 minute read time

A great distributed team starts with people with strong collaboration skills. The team needs time to understand each other's preferences to deliver value.

Gartner: You Must Assess Overall Software Health and Welfare

By Katie McCaskey on February 24, 2020 Gartner

4 minute read time

Gartner reports that mature organizations are expanding open-source management to include health assessment by default.

The “Big Hack” That Actually Happened - Chinese Military Implicated in Equifax Breach

By Matt Howard on February 11, 2020 vulnerabilities

3 minute read time

Members of the Chinese Military were implicated in the attack on Equifax's software supply chain. It's time to take software supply chain hygiene seriously.

Tara Hernandez Talks Code Rush, Google, DevOps

By Mark Miller on October 29, 2019 DevOps in the Cloud

2 minute read time

Tara Hernandez reflects on her time at Netscape in 1998, how that experience informs her present work, and what DevOps trends continue to evolve.

What Developers Need to Know About WhatsApp's Recent Security Dilemma

By Katie McCaskey on October 08, 2019 AppSec

3 minute read time

Sonatype issues an Advisory Deviation Notice for CVE-2019-11932, a vulnerability that exploits processor memory and recently affected WhatsApp.

Sonatype Hosts Global Gatherings of DevSecOps Leaders and Innovators

By Katie McCaskey on October 04, 2019 thought leaders

4 minute read time

October is dedicated to intimate gatherings of DevSecOps professionals, thought leaders, and decision makers in cities across North America and Europe.

Security Should Stop Being a Drag

By DJ Schleen on September 06, 2019 deployment

3 minute read time

An application should withstand automated, manual, or user testing. Security vulnerabilities, although extremely important, are in reality non-functional.