What We Learned from Studying 36,000 OSS Projects | Press Release

Sonatype Blog

A More Secure Web Needs Developers, Defenders, Advocates, and OSS

By Katie McCaskey on September 13, 2019 security
The largest gathering of Infosec professionals met in Washington, D.C. to discuss the future of web security. Open source software is at the core of it.

Anatomy of the RubyGems ‘rest-client’ hack, and getting creative about open source security

By Brian Fox on August 23, 2019 open source security
Last month, the RubyGems strong_password component was breached and injected with malicious code. This is only the latest example of bad actors attacking developers at the source.

NIST Proposes Standards to Secure Government SDLC

NIST has proposed a set of standards to address the growing need for better software security. Public comment is open until August 5, 2019.

DevOps: The Blue Ocean Tide is Rising

By Wayne Jackson on October 04, 2018 open source security
The market for DevOps and DevSecOps automation is super hot. Here's why.

Sonatype and Bamboo: Improving Your Builds

By Derek Weeks on March 03, 2015 Software Supply Chain

Sonatype now provides native Atlassian Bamboo support to improve the quality of your build outputs. Sonatype provides instant analysis of open source components used in every Bamboo build and alerts

Who is Nigel Simpson? (Lessons of Open Source Governance)

By Derek Weeks on October 28, 2014 Sonatype Says

Securosis Dives Deep into our 2014 Survey

There are two ways to motivate others to action: emotional appeal and fact-based analysis. Our 2014 Open Source and Application Security survey results touched on both. We've run this survey for the

Code Snippet Scanning: Is it Really Needed Anymore?

By Brian Fox on April 03, 2014 Sonatype Says

Code snippet scanning is a common question we get from prospects. We typically try to dig into why the prospect actually thinks they need snippet matching. We think this comes from misinformed demand.