White House releases executive order on America's software supply chains

By Derek Weeks on February 25, 2021 | secure software supply chain

3 minute read time

Following recent SolarWinds attacks on multiple government agencies, US President Biden calls for comprehensive reviews of software supply chains.

How to establish an open source program office

By Mark Henke on June 24, 2020 | open source governance

3 minute read time

Develop an open source software program office to streamline use and compliance. By aligning goals with success metrics, the value of the office is clear.

Developers Gain Contextual Feedback with Automated Pull Request Commenting

By Kevin Miller on March 31, 2020 | github

2 minute read time

Pull request comments provide contextual information about the individual branch a developer is working on, and changes that they may have introduced.

Keep GitHub Dependencies Secure With Nexus Lifecycle's Automated Pull Requests

By Michelle Dufty on November 12, 2019 | new features

2 minute read time

Sonatype has been the world’s premier provider of open source health and hygiene data. Now, it's bringing that data to GitHub with six new Nexus integrations.

Deloitte Names Sonatype in ‘Technology Fast 500’ for Fourth Consecutive Year

By Katie McCaskey on November 07, 2019 | open source governance

3 minute read time

Sonatype ranks in Deloitte's Technology Fast 500™ for a fourth year. Recognized as a top 30 company in the D.C. area, this award follows several others.

Development Velocity Is a Surprisingly Good Thing, Says Researchers

By Katie McCaskey on August 13, 2019 | open source governance

2 minute read time

Organizations with DevOps culture produce high frequency release schedules and stronger MTTU (mean time to update) response scores, to the benefit of all.

What Toyota Unlocked Decades Ago Drives Software Supply Chain Management Today

By Katie McCaskey on August 05, 2019 | open source governance

3 minute read time

Toyota developed a vehicle production framework, still in use today, that shapes contemporary software supply chain management, too.

A World of Infinite Choice in Open Source Software

3 minute read time

The 2019 Software Supply Chain Report explains the development environment we're all living in and what we can learn from exemplar dev teams.

Three Days of DevSecOps: Lessons from Equifax

By Derek Weeks on September 25, 2018 | open source governance

2 minute read time

In 2017, one might have considered "three days" to be the new normal for lead time for changes in DevSecOps. In 2018, that window closed to "one second".