
Sonatype Blog

Building Microservice Architecture on Kubernetes

By Derek Weeks on August 22, 2019 open source governance
Namespace-level isolation is helpful for managing Kubernetes architecture. Also, do not put all things in the default namespace. Keep it simple.

Development Velocity Is a Surprisingly Good Thing, Says Researchers

By Katie McCaskey on August 13, 2019 open source governance
Organizations with DevOps culture produce high frequency release schedules and stronger MTTU (mean time to update) response scores, to the benefit of all.

NIST Proposes Standards to Secure Government SDLC

NIST has proposed a set of standards to address the growing need for better software security. Public comment is open until August 5, 2019.

Achieving a Managed State Model For Your Software Supply Chain

Secure software development processes share attributes with other human endeavors such as cooking, reading, and sports, says Santi Mulukutla of Sonatype.

Managing Infrastructure at Scale with Terraform

By Derek Weeks on June 10, 2019 Open Source
Eighty percent of software outages are due to human error. Jon Brouse shows how Terraform, an open source infrastructure solution, eliminates mistakes.

Sonatype and HackerOne eliminate the pain of reporting open source software vulnerabilities

By Bruce Mayhew on March 21, 2019 Everything Open Source
Sonatype has teamed up with HackerOne to build The Central Security Project, a pioneering program that brings together the ethical hacker and open source communities to streamline the process for

Build Better Component Practices: Crawl. Walk. Run.

By Sylvia Fronczak on November 06, 2018 component governance
Whether you're just getting started or attempting to take the next step in improving your organization's open source processes, there are lessons you can learn. Sonatype's lead customer success

A Lesson in Why “Security by Press Release” Is Detrimental

By Akshay 'Ax' Sharma on November 02, 2018 vulnerabilities
Last week news broke about a 3-year old jQuery vulnerability that was just discovered, and had just been patched - sending many into a frenzy. The reality, however, is this is an old vulnerability

The Key to Enterprises Remaining Competitive Is Safe Open Source

By Erik Dietrich on October 30, 2018 Enterprise DevOps
Enterprises Need Open Source, And Everyone Needs Security. The Only Way Forward Lies in Responsible, Vetted Open Source Governance.