Sonatype Unveils Full-Spectrum Software Supply Chain Management | Press Release

Sonatype and SVA join forces to help companies develop better, more secure software

By Stephen Bryans on January 19, 2021 News and Views
Sonatype and SVA, one of Germany’s leading system integrators, partner to help enterprise customers create vital open source security and SCA programs and protect their applications.

Does the SolarWinds’ Orion Security Advisory Impact Sonatype’s Product?

By Michael Griffin on December 23, 2020 News and Views
Sonatype is continuing to monitor the SolarWinds situation and our investigation is ongoing, but we can confirm that we do not use the SolarWinds Orion platform nor have we found any evidence of the

The SolarWinds Software Supply Chain Attack: How Developers Can Protect Applications

By Derek Weeks on December 22, 2020 vulnerabilities
The SolarWinds software supply chain attack has made it clear that open source developers need to act now and intelligently manage third party dependencies to protect their apps.

Breaching the U.S. Government through software supply chains: tracing the SolarWinds exploit upstream

By Ax Sharma on December 14, 2020 features
The U.S. Government and FireEye experienced breaches due to malicious software code injected upstream in the software supply chain of their vendor, SolarWinds, where it would then flow downstream

Open Source and Cloud Security Together at Last

By Kevin Miller on November 12, 2020 Nexus Lifecycle
Sonatype and Fugue partner to combine Open Source and Cloud Security and Compliance

Gitpaste-12: A dozen exploits that silently lived on GitHub, attacked Linux servers

By Ax Sharma on November 08, 2020 github
Gitpaste-12, a worming botnet, is extremely versatile in its advanced capabilities as it leverages trustworthy sites like GitHub and Pastebin to host itself.

Turkish Banking Agency Mandates Better Software Supply Chain Hygiene

The Banking Regulation and Supervision Agency has introduced new standards to protect the Turkish citizenry and require banks to more aggressively protect customer data, payment information and

What I Learned from DevSecOps Leaders in a High Tech World

By Sara Budsock on October 16, 2020 devsecops
DevSecOps leaders from FISERV, Sirius XM, NBC Universal, OneTrust, Estée Lauder, PointClickCare, and Micro Focus share how DevSecOps adoption is adding value to their organizations.

Making Developer’s Lives Easier as We Enter The New Frontier of Dependency Management

By Brian Fox on October 07, 2020 Nexus Lifecycle
Sonatype's Advanced Development Pack will fundamentally change how teams manage code dependencies.