Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

3 Reasons Manual Policies Just Don’t Work

By Derek Weeks on June 10, 2014 Cyber Supply Chain Management and Transparency Act

2 minute read time

Over the past four years, Sonatype has surveyed open source development organizations and year after year, we find that developers have the best intentions.

Read More...

5 Things You Need to Know About Open Source Components

By Mark Miller on June 04, 2014 Cyber Supply Chain Management and Transparency Act

5 minute read time

You can't get away from it. Thousands of open source components are being used in every industry, every day, to quickly build and deploy applications.

Read More...

Cheeseburger Risk: Not for the Faint of Heart

By Derek Weeks on May 20, 2014 Cyber Supply Chain Management and Transparency Act

3 minute read time

If you had a heart attack, would you stop eating cheeseburgers? For most people, the answer is “No”.

Read More...

4 Open Source Components You Need to Update Right Now

By Brian Fox on May 07, 2014 Cyber Supply Chain Management and Transparency Act

8 minute read time

Heartbleed has put the security community on notice: it is time to take a harder look at the security status of open source components and frameworks.

Read More...

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

3 Reasons Manual Policies Just Don’t Work

5 Things You Need to Know About Open Source Components

Cheeseburger Risk: Not for the Faint of Heart

4 Open Source Components You Need to Update Right Now

Secure your software supply chain

Subscribe for all the latest software security news and events