Sonatype Delivers Premium Open Source Controls to GitHub | Press Release
blog-logo Sonatype Blog

Featured Article

Happy Developers Produce More Secure Software, Better Business Outcomes

By Derek Weeks on April 07, 2020 vulnerabilities

The 2020 DevSecOps Community Survey confirms correlations between DevSecOps culture and practices, and their influence on motivation and job satisfaction.

Read More...

SHARE:

Filter by:
enterprise security
READ MORE

What Does the New CVSS 3.1 Scoring Model Mean for Enterprise Security?

By Akshay 'Ax' Sharma on February 17, 2020 vulnerabilities
Learn how CVSS 3.1 is different from earlier versions and why changes to this security rating matters.
Read More...
Chinese Military Implicated in Equifax Breach
READ MORE

The “Big Hack” That Actually Happened - Chinese Military Implicated in Equifax Breach

By Matt Howard on February 11, 2020 vulnerabilities
Members of the Chinese Military were implicated in the attack on Equifax's software supply chain. It's time to take software supply chain hygiene seriously.
Read More...
READ MORE

How to Use Sonatype OSS Index to Identify Security Vulnerabilities

By Casey Dunham on January 09, 2020 github
OSS Index enables developers to quickly find vulnerabilities in any library with an easy-to-use search feature. Learn more, and how to access the plugins.
Read More...
GettyImages-674906266
READ MORE

Are You a Fool with a Tool?

By DJ Schleen on November 22, 2019 security
Buckminster Fuller cautioned against prioritizing tools. DevOps should always include discussions of culture, strategy, and process for the best outcomes.
Read More...
GettyImages-1138004657-1
READ MORE

A More Secure Web Needs Developers, Defenders, Advocates, and OSS

By Katie McCaskey on September 13, 2019 security
The largest gathering of Infosec professionals met in Washington, D.C. to discuss the future of web security. Open source software is at the core of it.
Read More...
GettyImages-626241886
READ MORE

Anatomy of the RubyGems ‘rest-client’ hack, and getting creative about open source security

By Brian Fox on August 23, 2019 open source security
Last month, the RubyGems strong_password component was breached and injected with malicious code. This is only the latest example of bad actors attacking developers at the source.
Read More...
GettyImages-1044578200
READ MORE

NIST Proposes Standards to Secure Government SDLC

NIST has proposed a set of standards to address the growing need for better software security. Public comment is open until August 5, 2019.
Read More...
GettyImages-943909666-1
READ MORE

DevOps: The Blue Ocean Tide is Rising

By Wayne Jackson on October 04, 2018 open source security
The market for DevOps and DevSecOps automation is super hot. Here's why.
Read More...
READ MORE

Sonatype and Bamboo: Improving Your Builds

By Derek Weeks on March 03, 2015 Software Supply Chain

Sonatype now provides native Atlassian Bamboo support to improve the quality of your build outputs. Sonatype provides instant analysis of open source components used in every Bamboo build and alerts

Read More...
Twitter LinkedIn Facebook Instagram YouTube GitHub
Products
Security Research
Solutions
Resources
About
SON_logo_white@2x copy trimmed

Sonatype Headquarters - 8161 Maple Lawn Blvd #250, Fulton, MD 20759
Tysons Office - 8281 Greensboro Drive – Suite 630, McLean, VA 22102
Australia Office - 5 Martin Place, Sydney, NSW 2000, Australia 
London Office - 168 Shoreditch High Street, E1 6JE London

Copyright © 2008-present, Sonatype Inc. All rights reserved. Includes the third-party code listed here. Sonatype and Sonatype Nexus are trademarks of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation. All other trademarks are the property of their respective owners.

Terms of Service    Privacy Policy