PGP vs. sigstore: A recap of the match at Maven Central

7 minute read time

We put code-signing tools PGP and sigstore in a head-to-head match with Maven Central users to find a winner. The results may surprise you.

EU Cyber Resilience Act: Good for software supply chain security, bad for open source?

By Brian Fox on December 22, 2022 secure software supply chain

10 minute read time

The Cyber Resilience Act is the European Union's proposed regulation to combat threats affecting any digital entity. What does that mean for open source?

Perception versus reality: A data-driven look at open source risk management

By Luke Mcbride on November 11, 2022 vulnerability

2 minute read time

Get insights, background, data, and key takeaways from the 8th Annual State of the Software Supply Chain report. Hosted by Dr. Stephen Magill.

Open source best practices for higher quality code to fundamentally strengthen your project

By Aaron Linskens on November 09, 2022 Open Source

8 minute read time

A look at some basic practices for higher quality code to help fundamentally strengthen your project.

An open source maintainer's best practice: How to use SBOMs to root out project vulnerabilities

By Aaron Linskens on October 25, 2022 Open Source

6 minute read time

The second entry in Sonatype's series for Security Slam explores how your project can benefit from the use of a software bill of materials (SBOM).

Stop the low-quality contribution plague

By Eddie Knight on October 20, 2022 Open Source

5 minute read time

You've heard the phrase. Today we talk about how to actually avoid low-quality contributions when contributing to open source projects.

Open source best practices: Key documents to help welcome new contributors to your project

By Aaron Linskens on October 17, 2022 Open Source

5 minute read time

This series of blog posts on best practices for open source maintainers was created in partnership with CNCF for Sonatype's Security Slam event.

How to become a new open source contributor

By Eddie Knight on October 13, 2022 developer centric

4 minute read time

There is no perfect recipe for getting involved with an OSS community, but there are some things you can do to help you get past the barriers to entry.

Rule over your dependencies and scan at your own open source risk

By Aaron Linskens on September 13, 2022 vulnerabilities

5 minute read time

A good way to make sure that your organization's vulnerabilities don't go unnoticed is to conduct regular scans of the open source used in your environments.