Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

SHARE:

Sonatype_Blog_Logo_White
Person typing on laptop
READ MORE

Stop the low-quality contribution plague

By Eddie Knight on October 20, 2022 Open Source

5 minute read time

You’ve heard the phrase. Today we talk about how to actually low quality when contributing to open source projects.
Read More...
Stylized shaking hands photo
READ MORE

Why companies should contribute to open source – and how to do it

By Matt Freeland on February 03, 2022 Community

7 minute read time

Your company relies on open source projects; giving back to them can reduce tech debt, accelerate innovation, and reduce your developers’ cognitive load. 
Read More...
Man looking down a tunnel
READ MORE

Beyond coding: Changing developer roles

By Karin Althaus on August 27, 2021 DevOps Culture

9 minute read time

Developers are increasingly taking center-stage, assuming more responsibilities and tasks. But what does this mean for developers themselves?
Read More...
woman working from home with child on her lap
READ MORE

The Benefits of Remote Work Beyond Avoiding the Coronavirus (COVID-19)

By Mike Hansen on March 11, 2020 remote

3 minute read time

The advantages we've realized with Sonatype's remote organization are evident. Here, lessons for anyone new to working from home to avoid the Coronavirus.
Read More...
GettyImages-1135437330
READ MORE

GDPR One Year On: Increasing Demand for "Security By Design"

3 minute read time

GDPR's influence is becoming more and more evident in software development. What comes next for teams in the EU and elsewhere as the policy turns 1?
Read More...
GettyImages-1055709678
READ MORE

In the Dark about Software Supply Chain Vulnerabilities

By Matt Howard on May 16, 2019 vulnerability

2 minute read time

The Barium attacks, revealed earlier this month, highlight new, pervasive tactics that are exceptionally dangerous.
Read More...
GettyImages-1038975072
READ MORE

Software Composition Analysis: A Matter of Perspective (and Experience)

2 minute read time

The SCA market is young - leaving everyone wrestling with a critical question: is it a security-centric, developer-centric, or a legal-centric endeavor? At.
Read More...
2019 Updated-1
READ MORE

Application Security Risk in 2019: It's All About The Supply Chain

By Matt Howard on December 28, 2018 AppSec

5 minute read time

Cyber criminals are intentionally planting vulnerabilities directly into the global supply of open source components.
Read More...
command
READ MORE

US Energy and Commerce Committee: 6 Strategies for Modern Cybersecurity Risks

By Ilkka Turunen on December 18, 2018 software bill of materials

5 minute read time

On the 12th of December the Subcommittee on oversight and investigations released an additional report identifying the core strategies organisations can take.
Read More...