Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

DevOps pioneers navigate organizational transformation

By Aaron Linskens on April 18, 2024 Devops

4 minute read time

Read about Sonatype’s DevOps Download webinar with Gene Kim who discusses how DevOps pioneers are catalyzing significant shifts within organizations

Read More...

CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma

By Ilkka Turunen on April 01, 2024 Software Supply Chain

11 minute read time

Learn about a new, targeted backdoor supply chain attack against the popular XZ compression utility seen in many Linux distributions such as fedora and debian. Understand its impact, potential risks

Read More...

Streamline your SBOM management with SBOM Manager

By Omar Torres on March 19, 2024 Product Release

4 minute read time

Discover Sonatype's new world-class tool designed to streamline the way you manage software bills of materials (SBOMs) across all of your software

Read More...

Secure Software Development Attestation Form: Sonatype helps you comply

By Ilkka Turunen on March 14, 2024 secure software supply chain

6 minute read time

The CISA Secure Software Development Attestation Form sets cybersecurity standards for US Federal agency software purchases. Learn how Sonatype helps you comply with SSDF guidelines.

Read More...

What are SBOM standards and formats?

By Aaron Linskens on March 08, 2024 software bill of materials

6 minute read time

Explore the nuances of SBOM standards and formats, charting a course through the complexities that shape software transparency and security today

Read More...

Women in cybersecurity: On the shoulders of giants

By Ankita Lamba on March 07, 2024 women in devops

5 minute read time

For Women's History Month, learn about ten women who are experts in their fields and shaping the future of the cybersecurity landscape

Read More...

Embracing the AI revolution: Navigating the impact on developers

By Aaron Linskens on March 04, 2024 Software Supply Chain

4 minute read time

Explore Sonatype's whitepaper, The Effects of AI on Developers, highlighting the challenges, opportunities, and transformative effects generative AI.

Read More...

A demand for real consequences: Sonatype's response to CISA's Secure by Design

By Brian Fox on February 23, 2024 thought leaders

7 minute read time

Sonatype's founder and CTO Brian Fox discusses more stringent enforcement mechanisms to encourage wider adoption of secure development practices

Read More...

How the SEC charges against SolarWinds highlight the cybersecurity liability of software companies

By Jeff Wayman on October 31, 2023 Cybersecurity

5 minute read time

Read about how the Securities and Exchange Commission charged SolarWinds and its chief information security officer for violating federal securities laws

Read More...

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

DevOps pioneers navigate organizational transformation

CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma

Streamline your SBOM management with SBOM Manager

Secure Software Development Attestation Form: Sonatype helps you comply

What are SBOM standards and formats?

Women in cybersecurity: On the shoulders of giants

Embracing the AI revolution: Navigating the impact on developers

A demand for real consequences: Sonatype's response to CISA's Secure by Design

How the SEC charges against SolarWinds highlight the cybersecurity liability of software companies

Secure your software supply chain

Subscribe for all the latest software security news and events