Perception Versus Reality: a Data-Driven Look at Open Source Risk Management

By Luke Mcbride on November 11, 2022 vulnerability

2 minute read time

Get insights, background, data, and key takeaways from the 8th Annual State of the Software Supply Chain report. Hosted by Dr. Stephen Magill.

Open Source Basic Practices for Higher Quality Code to Fundamentally Strengthen Your Project

By Aaron Linskens on November 09, 2022 Open Source

8 minute read time

A look at some basic practices for higher quality code to help fundamentally strengthen your project.

An Open Source Maintainer’s Best Practice: How to Use SBOMs to Root Out Project Vulnerabilities

By Aaron Linskens on October 25, 2022 Open Source

7 minute read time

The second entry in Sonatype's series for Security Slam explores how your project can benefit from the use of a software bill of materials (SBOM).

Stop the Low-Quality Contribution Plague

By Eddie Knight on October 20, 2022 Open Source

5 minute read time

You’ve heard the phrase. Today we talk about how to actually stop low-quality contributions to open source projects.

Open Source Best Practices: Key Documents to Help Welcome New Contributors to Your Project

By Aaron Linskens on October 17, 2022 Open Source

5 minute read time

This series of blog posts on best practices for open source maintainers was created in partnership with CNCF for Sonatype's Security Slam event.

How to Become a New Open Source Contributor

By Eddie Knight on October 13, 2022 developer centric

4 minute read time

There is no perfect recipe for getting involved with an OSS community, but there are some things you can do to help you get past the barriers to entry.

Rule Over Your Dependencies and Scan at Your Own Open Source Risk

By Aaron Linskens on September 13, 2022 vulnerabilities

5 minute read time

A good way to make sure that your organization's vulnerabilities don't go unnoticed is to conduct regular scans of the open source used in your environments.

Open Source Licensing Shift: Fedora Blocks Creative Commons CC0

By Luke Mcbride on August 01, 2022 Nexus Lifecycle

6 minute read time

Recent news that Fedora no longer allows a popular license in its packages underlines the ongoing evolution of licenses and legal risk.

What’s New With Java? A Discussion With the London Java Community

3 minute read time

What's new with Java? Musings from the recent London Java Community event, including insight on Java 11 and Java 17 migration, Static Java, and UI technology.