Sonatype Selected by Equifax to Support OS Governance Press Release

Sonatype Blog

Dirty Rivers Flow Downstream, Leading to Dirty Reservoirs

By Sylvia Fronczak on November 02, 2018 devsecops
A reservoir is created by rivers and streams that flow into it. What if one of those rivers is polluted? It pollutes the whole thing. Similarly, in software, if we add dependencies that are

The Key to Enterprises Remaining Competitive Is Safe Open Source

By Erik Dietrich on October 30, 2018 Enterprise DevOps
Enterprises Need Open Source, And Everyone Needs Security. The Only Way Forward Lies in Responsible, Vetted Open Source Governance.

Software Composition Analysis: Precision Definitely Matters (Just Ask Our Competitors)

Just two years ago, SCA was more about helping traditional security professionals identify suspects across a broad spectrum of open source ecosystems. Much has changed since then. Today,

What can we learn from 200 Billion JavaScript downloads

By Derek Weeks on February 08, 2018 Javascript
JavaScript packages downloaded from the npm repository now top 200 billion downloads annually. We dissect what that means for the open source community.

Equifax and Struts: An Ounce of Prevention is Worth a Pound of Cure.

By Matt Howard on September 14, 2017 open source governance
A $50 billion question needs to be asked. What, if anything, could Equifax have done differently to prevent the Struts breach from happening?