Featured Article
Top 10 open source projects hit by HTTP/2 'Rapid Reset' zero-day
Dependency mapping: A beginner's guide
8 minute read time
Explore dependency mapping, what it is, the benefits of mapping dependencies, and some tools that make the process easier.
Read More...
A guide for open source software (OSS) security
6 minute read time
Evaluate open source software (OSS) security to ensure safe usage of software components in software development life cycles and software supply chains
Read More...
Malicious PyPI package ‘VMConnect’ imitates VMware vSphere connector module
3 minute read time
A malicious PyPI package ‘VMConnect’ designed to resemble VMware vSphere Connector Module was caught by Sonatype’s automated malware detection systems
Read More...
Cyber Resilience Act: The future of software in the European Union
6 minute read time
Discover what the EU Cyber Resilience Act entails and what the consequences might be for open source and software development overall
Read More...
A closer look: Differentiating software vulnerabilities and malware
7 minute read time
Vulnerabilities and malware in open source software pose significant threats to the security and integrity of your software supply chain
Read More...
npm manifest confusion – what is it and do you really need to worry about it?
Read More...
Sonatype's malicious open source and malware detection systems found hundreds of malicious PyPI packages.
Read More...
Sonatype sponsoring Red Hat Summit on May 23-25 in Boston
3 minute read time
A look at the yearly open source event for IT professionals to learn, collaborate, and innovate, including suggestions for visitors and talks.
Read More...
7 software license types explained: Open source and closed source
7 minute read time
Navigate the complexities of software licenses with this comprehensive guide. Explore their differences, implications, & management strategies.
Read More...