The 2020 State of the Software Supply Chain Report is available!

Study Shows High-Performance Dev Teams Fix OSS Vulns 26x Faster | Press Release

blog-logo Sonatype Blog

Find and Fix Vulnerabilities in Seconds using GitHub PR Reviews with Line Comments

By Kevin Miller on July 07, 2020 github
Pull Request line comments highlight code that introduces a policy violation. This gives developers the information needed to remediate security risks.
Read More...

NIST: Adopt a Secure Software Development Framework (SSDF) to Mitigate Risk of Software Vulnerabilities

NIST recommends a SSDF framework to assess open source component cybersecurity risks, including an SBOM and automated security controls in the SDLC.
Read More...

Building Microservice Architecture on Kubernetes

By Derek Weeks on August 22, 2019 open source goveranance
Namespace-level isolation is helpful for managing Kubernetes architecture. Also, do not put all things in the default namespace. Keep it simple.
Read More...

NIST Proposes Standards to Secure Government SDLC

NIST has proposed a set of standards to address the growing need for better software security. Public comment is open until August 5, 2019.
Read More...

You Can't Manage What You Can't See: Open Source Governance Starts with Visibility

By Derek Weeks on December 17, 2018 open source goveranance
During the interview, Richard Spires, former CIO at the Internal Revenue Service and now CEO of Learning Tree International, said one of the biggest takeaways from the report is “you can’t protect
Read More...

Doctor, Doctor, Can't You See?  Congress Calls for Cybersecurity.

By Derek Weeks on November 17, 2017 software bill of materials
Congressman Walden sent a letter to the U.S. Department of Health and Human Services (HHS) requesting a software bill of materials (SBOM).
Read More...

Internet of Things Cybersecurity Improvement Act of 2017

By Derek Weeks on August 01, 2017 open source goveranance
Internet of Things Cybersecurity Improvement Act of 2017
Read More...

The Trump White House Takes Aim at Cybersecurity

The Trump White House Takes Aim at Cybersecurity. Introduces Executive Order: STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE.
Read More...

The Open Source Software Index is BOSS!  Here's Why.

By Matt Howard on April 09, 2017 open source goveranance
Dharmesh Thakker from Battery Ventures unveiled the Battery Open-Source Software Index. Beyond it's clever name, the index is BOSS for four reasons.
Read More...