Skip Navigation
Book a Demo
Book a Demo

Featured Article

Sonatype Named in the 2023 Gartner® Magic Quadrant™ for Application Security Testing

By Tara Flynn Condon on May 23, 2023 AppSec

Sonatype is named to the 2023 Gartner Magic Quadrant for Application Security Testing (AST).

Read More

SHARE:

Sonatype_Blog_Logo_White
Claw grabber picking up a bad component
READ MORE

Protecting Software Developers from Malware with AI/ML Insights

By Mandeep Singh on April 20, 2023 featured

5 minute read time

Developer-targeted malware is a complex and difficult problem. A look at what tools and information are needed to reduce risk in your development pipeline.
Read More...
READ MORE

SCA and SAST: What Do They Do and How Can They Help Developers Like You?

By Theresa Mammarella on January 03, 2023 AppSec

5 minute read time

SCA and SAST tools help DevSecOps teams and application developers work together to identify vulnerabilities and improve security.
Read More...
Bride at her computer in front of multiple screens
READ MORE

What do Log4Shell and a Global Pandemic Have in Common?

By Theresa Mammarella on November 15, 2022 AppSec

4 minute read time

A look at development through the lens of weddings, including long-term planning, contingencies, and disasters. A video talk from this years DEVOXX.
Read More...
Umbrellas blocking dangers
READ MORE

The Magic Behind Over 101,000 Malicious Packages Discovered and Blocked

By Chris Good on November 08, 2022 Nexus Firewall

3 minute read time

A look at how Sonatype software is protecting development teams and software with the industry-leading tools.
Read More...
People walking around a grid
READ MORE

Setting Boundaries: How Procurement Relates to Security (Part 1)

By Michael Griffin on August 24, 2022 News and Views

4 minute read time

Whether your organization calls it purchasing, requisition, bidding, or business operations, not managing what comes into your company can be expensive.
Read More...
Packages going through a supply chain
READ MORE

What Constitutes a Software Supply Chain Attack?

By Ax Sharma on August 03, 2021 vulnerabilities

6 minute read time

ENISA feels the term software supply chain attack is overused, so what does constitute a supply chain attack?
Read More...
open source software
READ MORE

How to Better Navigate the World of DevSecOps with Sonatype and Saltworks Security

By Tanya Feghali on July 28, 2020 Open Source

2 minute read time

Sonatype and Saltworks talk about how to deliver higher quality software faster while securely taking advantage of everything open source has to offer.
Read More...
READ MORE

"WTF is DevSecOps?"

By Elizabeth Kathure on May 27, 2020 devsecops

3 minute read time

DevSecOps is a great idea. But it means security engineers, DevSecOps teams, and developers working together.
Read More...
READ MORE

Getting Your Security Program to Shift Left: Operationalizing Security Controls via DevSecOps

By Daniel Longest on May 21, 2020 shift left

3 minute read time

Map the automation opportunities into your software development lifecycle as part of coordinated strategies to shift security left.
Read More...