Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

SHARE:

Sonatype_Blog_Logo_White
READ MORE

Meet an open source developer - A.J. Brown

By Aaron Linskens on February 27, 2023 Open Source

5 minute read time

A.J. Brown, a Principal Engineer at Sonatype, discusses his journey and career in open source as part of our series for World Open Source Day 2023.
Read More...
READ MORE

Meet an open source developer - Lex Vorona

By Aaron Linskens on February 17, 2023 Open Source

8 minute read time

Lex Vorona, a Software Engineer at Sonatype, discusses his journey and career in open source as part of our series for World Open Source Day 2023.
Read More...
READ MORE

Meet an open source developer - Allie Sierra

By Aaron Linskens on February 14, 2023 Open Source

5 minute read time

Allie Sierra, Engineering Manager at Sonatype, discusses her journey and career in open source as part of our series for World Open Source Day 2023.
Read More...
READ MORE

Are unnecessary vulnerabilities polluting your software supply chain?

7 minute read time

As malicious software supply chain attacks continue to evolve, so do the ways that bad actors exploit vulnerable libraries.
Read More...
READ MORE

Meet an open source developer - Theresa Mammarella

By Aaron Linskens on February 03, 2023 Open Source

3 minute read time

Theresa Mammarella, Developer Advocate on the DevRel team at Sonatype, discusses her journey and career in open source for World Open Source Day 2023.
Read More...
READ MORE

Dependency management: Versions choice and the software supply chain

6 minute read time

The components that software developers rely upon are moving forward, but effective software supply chain management is more than being up to date.
Read More...
READ MORE

Sonatype Lifecycle boosts open source security and dependency management

10 minute read time

Nexus Lifecycle is designed to monitor for problems at every stage of the software development life cycle (SDLC) and automatically address them.
Read More...
READ MORE

Best practices in dependency management: Cooking a meal of gourmet code

5 minute read time

Close to 85% of every application is open source software. Better understanding your software supply chain starts with understanding dependency management.
Read More...
READ MORE

SCA and SAST: What do they do and how can they help developers like you?

By Theresa Mammarella on January 03, 2023 AppSec

5 minute read time

SCA and SAST tools help DevSecOps teams and application developers work together to identify vulnerabilities and improve security.
Read More...