How does developer morale affect my software supply chain?

By Luke Mcbride on January 03, 2023 survey

4 minute read time

Your place in the software supply chain has a lot to do with your development staff. A look at Sonatype data on developer state-of-mind and performance.

Perception versus reality: A data-driven look at open source risk management

By Luke Mcbride on November 11, 2022 vulnerability

2 minute read time

Get insights, background, data, and key takeaways from the 8th Annual State of the Software Supply Chain report. Hosted by Dr. Stephen Magill.

Open source best practices for higher quality code to fundamentally strengthen your project

By Aaron Linskens on November 09, 2022 Open Source

8 minute read time

A look at some basic practices for higher quality code to help fundamentally strengthen your project.

Kubernetes containers a boon for developers

By Phil Vuollet on July 15, 2020 devsecops

3 minute read time

Kubernetes helps to automate deploying, scaling, and managing multiple containers. It is the most popular container orchestration system in use right now.

How to upskill your team with Kubernetes

By Brad McCoy on June 30, 2020 devsecops

4 minute read time

How we got everyone through the Certified Kubernetes Administrator (CKA) training and you can, too.

OWASP Top 10 overview

By Erik Dietrich on June 22, 2020 OWASP

4 minute read time

Caroline Wong is a Chief Strategy Officer who teaches the OWASP Top 10. She uses memorable analogies to explain all ten.

Continuously improve CI/CD with Sonatype Lifecycle and Bitbucket Code Insights

By Kevin Miller on June 18, 2020 atlassian

2 minute read time

Developers using the Nexus platform integrated with Code Insights know when a change introduces risk, with contextual feedback for the individual branch.

Custom node module management using private npm registry configured in Sonatype Nexus Repository

By Nipun Thilakshan on June 17, 2020 How-To

18 minute read time

How to configure a private npm registry in Sonatype Nexus Repository, and how to publish and consume custom Node.js modules in your projects.

Observability made easy with synthetic monitoring

By Erik Dietrich on June 16, 2020 python

3 minute read time

A small number of apps disproportionately skewed aggregate metrics and sent false alarms. The solution was DIY synthetic monitoring using Python.