npm manifest confusion – what is it and do you really need to worry about it?
Read More...
Sonatype's malicious open source and malware detection systems found hundreds of malicious PyPI packages.
Read More...
Sonatype sponsoring Red Hat Summit on May 23-25 in Boston
3 minute read time
A look at the yearly open source event for IT professionals to learn, collaborate, and innovate, including suggestions for visitors and talks.
Read More...
7 software license types explained: Open source and closed source
7 minute read time
Navigate the complexities of software licenses with this comprehensive guide. Explore their differences, implications, & management strategies.
Read More...
Another SolarWinds? The latest software supply chain attack on 3CX
6 minute read time
Get insights on the recent 3CX software supply chain attack and the growing importance of effective dependency management to protect against cyberattacks.
Read More...
Post-conference tech spec: Why building your ship (application) with raw materials is a bad idea
10 minute read time
Get all the details of the presentation that Jamie Coleman, Developer Advocate on Sonatype’s Developer Relations team, gave at Voxxed Days Zurich 2023.
Read More...
Sonatype Lifecycle enhancements boost speed, security, and productivity
6 minute read time
Sonatype Lifecycle’s new feature enhancements elevate security posture, developer productivity, and operational excellence. Read on for the full details.
Read More...
New design, new feature: Maven Central improvements for developers
2 minute read time
Hosted by Sonatype, Maven Central has a refreshed interface and new features to improve the developer experience.
Read More...
Last week's OpenAI payment data and chat history leak involved a Race Condition vulnerability in an open source component, Redis.
Read More...