
Katie Arrington discusses making development move at the speed of relevance

By Ryan Schradin on September 14, 2020 government
Katie Arrington, CISO for the Office of the Under Secretary of Defense for Acquisition, recently discussed DevSecOps in the federal government and how the DoD is tackling key issues.

Sonatype CEO on The Future of the Software Supply Chain

Sonatype's CEO Wayne Jackson talked about Maven, the software supply chain, and speed vs. security no longer being at odds, at the 2020 Nexus User Conference.

Introducing our 2020 State of the Software Supply Chain Report

By Derek Weeks on August 12, 2020 Software Supply Chains
Sonatype's 2020 State of the Software Supply Chain Report shows that faster innovation and better risk management do not have to be mutually exclusive.

Trust and Courage are Essential to a Strong Team Culture

By Keith Sprochi on July 02, 2020 leadership
A healthy work culture is invaluable. I think that the Sonatype culture has two main ingredients: trust and courage.

Custom Node Module Management using Private npm Registry Configured in Nexus Repository

By Nipun Thilakshan on June 17, 2020 How-To
How to configure a private npm registry in Sonatype Nexus Repository, and how to publish and consume custom Node.js modules in your projects.

Observability Made Easy with Synthetic Monitoring

By Erik Dietrich on June 16, 2020 python
A small number of apps disproportionately skewed aggregate metrics and sent false alarms. The solution was DIY synthetic monitoring using Python.

Using a Software Bill of Materials (SBOM) is Going Mainstream

Crazy: OWASP A9 (Using Components with Known Vulnerabilities) is about to turn seven, and the DevSecOps Community Survey shows that fewer than half of organizations can produce a Software Bill of Materials.

Octopus Scanner Compromises 26 OSS Projects on GitHub

By Brian Fox on May 31, 2020 #OSSsecurity
The Octopus Scanner malware compromised 26 open source projects hosted on GitHub in a new form of software supply chain attack targeting NetBeans projects.

UPDATE: 21 SaltStack Breaches with 2,900 Still Vulnerable

By Derek Weeks on May 31, 2020 vulnerabilities
When a vulnerability is announced in an open source project, ask immediately: have we ever used that component, and if so, where is it?
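The question in that teaser ("have we ever used it, and where?") is only answerable if dependency manifests across your repositories can be searched by component name. The script below is an added example, not code from the Sonatype post or from any Sonatype product: it walks a set of constructed manifests (an npm lockfile, a Maven POM and a pip requirements file, under hypothetical paths) and reports every file, version and dependency chain in which a named component appears, including transitive npm dependencies. The fixed version passed to `older_than` is an assumption supplied by the caller, not something the script knows.

```python
"""Locate a named open source component across dependency manifests.

Added example, not from the Sonatype post. The manifests, paths and
component/version values below are constructed samples.
"""
import json
import re
import xml.etree.ElementTree as ET

# Constructed sample manifests keyed by a hypothetical repository path.
SAMPLE_MANIFESTS = {
    "web-frontend/package-lock.json": json.dumps({
        "name": "web-frontend",
        "lockfileVersion": 1,
        "dependencies": {
            "express": {"version": "4.17.1",
                        "dependencies": {"qs": {"version": "6.7.0"}}},
            "lodash": {"version": "4.17.15"},
        },
    }),
    "billing-service/pom.xml": """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency>
      <groupId>org.apache.struts</groupId>
      <artifactId>struts2-core</artifactId>
      <version>2.3.31</version>
    </dependency>
    <dependency>
      <groupId>commons-io</groupId>
      <artifactId>commons-io</artifactId>
      <version>2.6</version>
    </dependency>
  </dependencies>
</project>""",
    "ops-tools/requirements.txt": "requests==2.22.0\nsalt==2019.2.3\nPyYAML>=5.1\n",
}

# requirements.txt line: name, optional operator and version, ignoring markers/comments.
PIP_LINE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:(===|[=<>!~]=?)\s*([^\s;#]+))?")


def _npm_deps(deps, parents=()):
    """Yield (name, version, chain) for every entry in a lockfileVersion 1 tree,
    recursing into nested 'dependencies' so transitive packages are found."""
    for name, info in deps.items():
        chain = parents + (name,)
        yield name, info.get("version", ""), ">".join(chain)
        yield from _npm_deps(info.get("dependencies", {}), chain)


def _maven_deps(xml_text):
    """Yield ('groupId:artifactId', version) for each <dependency>, namespace-agnostic."""
    for dep in ET.fromstring(xml_text).iter():
        if dep.tag.split("}")[-1] != "dependency":
            continue
        fields = {c.tag.split("}")[-1]: (c.text or "").strip() for c in dep}
        if "artifactId" in fields:
            yield f"{fields.get('groupId', '')}:{fields['artifactId']}", fields.get("version", "")


def _pip_deps(text):
    """Yield (name, version-or-specifier) for each non-comment requirements line."""
    for line in text.splitlines():
        m = PIP_LINE.match(line)
        if not m or line.lstrip().startswith("#"):
            continue
        name, op, ver = m.groups()
        yield name, ver if op == "==" else (f"{op}{ver}" if op else "")


def find_component(name, manifests=SAMPLE_MANIFESTS):
    """Return every occurrence of `name` as {file, name, version, path}.
    Maven names match on the artifactId or the full groupId:artifactId."""
    want = name.lower().replace("_", "-")
    hits = []
    for path, text in manifests.items():
        if path.endswith("package-lock.json"):
            for dep, ver, chain in _npm_deps(json.loads(text).get("dependencies", {})):
                if dep.lower() == want:
                    hits.append({"file": path, "name": dep, "version": ver, "path": chain})
        elif path.endswith("pom.xml"):
            for coord, ver in _maven_deps(text):
                if want in (coord.lower(), coord.split(":")[1].lower()):
                    hits.append({"file": path, "name": coord, "version": ver, "path": coord})
        elif path.endswith("requirements.txt"):
            for dep, ver in _pip_deps(text):
                if dep.lower().replace("_", "-") == want:
                    hits.append({"file": path, "name": dep, "version": ver, "path": dep})
    return hits


def _vkey(version):
    """Numeric components of a version string, for a simple ordering."""
    return tuple(int(x) for x in re.findall(r"\d+", version))


def older_than(version, fixed):
    """True if `version` sorts below the caller-supplied `fixed` version."""
    return _vkey(version) < _vkey(fixed)


if __name__ == "__main__":
    # Assumed fixed version for the hypothetical advisory; not a real data source.
    for hit in find_component("salt"):
        status = "AFFECTED" if older_than(hit["version"], "2019.2.4") else "ok"
        print(f"{hit['file']}: {hit['name']} {hit['version']} via {hit['path']} -> {status}")
```

Pointing `manifests` at real files is a matter of reading each path into the dict; the matching logic stays the same. The version comparison is deliberately naive (numeric components only) and is meant as a first triage filter, not a replacement for the advisory's affected-range semantics.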