Sonatype Delivers Premium Open Source Controls to GitHub | Press Release

blog-logo Sonatype Blog

Malicious Intent: Open Source Developers, Please Protect Your Users

By Brian Fox on February 14, 2018 software bill of materials
Pay attention to your own digital security as you would if you were protecting millions of others. Malicious code found in npm package conventional-changelog.
Read More...

DevSecOps Goes Mainstream

By Derek Weeks on January 14, 2018 open source governance
Traditional security techniques using ownership and control rather than trust will not work in the digital world.
Read More...

Mr. Smith Goes to Washington: Lessons Learned from Equifax in Congress

By Matt Howard on October 03, 2017 open source governance
Perspective on what Rick Smith, former Equifax CEO, will say today to Congress this week when he testifies.
Read More...

Equifax and Struts: An Ounce of Prevention is Worth a Pound of Cure.

By Matt Howard on September 14, 2017 open source governance
A $50 billion dollar question is begged. What, if anything, could Equifax have done differently to prevent the Struts breach from happening?
Read More...

DevOps and Opportunities in Software Supply Chain Governance

By Wayne Jackson on February 09, 2017 open source governance
Governance has been an evil word for software developers but new approaches unlock massive gains in productivity, reductions in cost, improvements in quality.
Read More...

Government Asks: What’s in Your Software?

Top performing development organizations embrace supply chain management best practices, including use of a Software Bill of Materials (BOM).
Read More...

An Insider's View: Analyzing Software Supply Chains

2016 state of the software supply chain report reveals the volume of open source component usage and quantifies the presence of known vulnerabilities.
Read More...

The 2016 State of Software Supply Chain Report

By Derek Weeks on July 11, 2016 Software Supply Chain
Sonatype’s 2nd Annual Report on Accelerating Software Innovation and Security
Read More...

Automated Nexus Reports on Licenses, Security, and More

By Derek Weeks on August 05, 2015 nexus pro
Automated Nexus Reports on Licenses, Security, and More
Read More...