
Sonatype Blog

Managing Infrastructure at Scale with Terraform

By Derek Weeks on June 10, 2019 Open Source
Eighty percent of software outages are due to human error. Jon Brouse shows how Terraform, an open source infrastructure solution, eliminates mistakes.

Sonatype and HackerOne eliminate the pain of reporting open source software vulnerabilities

By Bruce Mayhew on March 21, 2019 Everything Open Source
Sonatype has teamed up with HackerOne to build The Central Security Project, a pioneering program that brings together the ethical hacker and open source communities to streamline the process for

Build Better Component Practices: Crawl. Walk. Run.

By Sylvia Fronczak on November 06, 2018 component governance
Whether you're just getting started or attempting to take the next step in improving your organization's open source processes, there are lessons you can learn. Sonatype's lead customer success

A Lesson in Why “Security by Press Release” Is Detrimental

By Akshay 'Ax' Sharma on November 02, 2018 vulnerabilities
Last week news broke about a 3-year-old jQuery vulnerability that was just discovered, and had just been patched - sending many into a frenzy. The reality, however, is this is an old vulnerability

The Key to Enterprises Remaining Competitive Is Safe Open Source

By Erik Dietrich on October 30, 2018 Enterprise DevOps
Enterprises Need Open Source, And Everyone Needs Security. The Only Way Forward Lies in Responsible, Vetted Open Source Governance.

New JavaScript intelligence now available in the Nexus Platform

By Michelle Dufty on August 29, 2018 Nexus Lifecycle
Nexus Intelligence now includes expanded coverage for JavaScript to identify hidden JS files not found in other solutions and a new user experience to identify and remediate JS vulnerabilities faster.

Introducing Sonatype DepShield: Free for GitHub Developers

By Michelle Dufty on August 14, 2018 github
Today, Sonatype announced Sonatype DepShield, a new GitHub application that enables developers to experience basic open source governance, free of charge.

Open Sourcing npm in Nexus Repository Manager 3

By Joseph Stephens on April 02, 2018 npm

Steps to Responsible Disclosure with Bas van Schaik, Man Yue Mo and Brian Fox

By Mark Miller on March 20, 2018 Open Source
In this episode of the OWASP 24/7 Podcast Series, I speak with the research team at Semmle on how they discovered the Pivotal Spring framework vulnerability.