Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

OpenSSF responds to CISA, advocates for a multifaceted approach to software identification

By Aaron Linskens on December 18, 2023 government

5 minute read time

OpenSSF published a response to CISA's request for comment on their white paper about software identification

Read More...

Gavel with government building behind it

A clear path forward toward more secure and maintainable open source software

By Brian Fox on May 13, 2022 featured

7 minute read time

Sonatype CTO shares thoughts following conversations, led by OpenSSF, where industry and government came together to discuss securing open source software.

Read More...

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

OpenSSF responds to CISA, advocates for a multifaceted approach to software identification

A clear path forward toward more secure and maintainable open source software

Secure your software supply chain

Subscribe for all the latest software security news and events