Sonatype Blog

What Toyota Unlocked Decades Ago Drives Software Supply Chain Management Today

By Katie McCaskey on August 05, 2019 open source governance
Toyota developed a vehicle production framework, still in use today, that shapes contemporary software supply chain management, too.

How to Become an OSS Champion

By Katie McCaskey on July 26, 2019 DevOps Culture
Sonatyper Fernando Cremer shows leaders how to champion open source use in modern software production. Here are his recommendations to drive adoption.

Free Software, But No Free Lunch

By Katie McCaskey on July 25, 2019 security
Today's threat surface is the software itself. How can Fortune 100 companies and others protect themselves? One security practice is counterintuitive.

Why Software Composition Analysis (SCA) Demands Precision

Software Composition Analysis: Getting to the Signal Through the Noise, by 451 Research, demonstrates Sonatype's leadership in software composition analysis.

Using Process Oriented Design (POD) to Increase the Dependability of DevOps Processes

By Derek Weeks on July 23, 2019 Enterprise DevOps
A Process Oriented Design helps DevOps teams create robust software with less downtime risk. Dr. Ingo Weber, an Australian research scientist, explains.

Extreme Endurance Required

By Katie McCaskey on July 19, 2019 News and Views
Sonatyper Mark Dodgson will test his physical limits and mental toughness participating in an athletic event that is 10x an Ironman, a first for the UK.

A World of Infinite Choice in Open Source Software

The 2019 Software Supply Chain Report explains the development environment we're all living in and what we can learn from exemplar dev teams.

GDPR Gets Teeth: British Airways and Marriott Fined

By Ilkka Turunen on July 09, 2019 devsecops
Fines levied at British Airways and Marriott International under GDPR show why data protection must be a central part of the software supply chain.

Anonymous Access In Nexus Repository is Not A Zero-Day Vulnerability

By Brian Fox on July 02, 2019 Nexus Repository
A researcher contacted us about an issue in Nexus Repository, stemming from user access settings. This was not a zero day, but a product feature UX change, to make it easier to be more secure - we