
Sonatype Blog

DevSecOps Without Compromise

By Katie McCaskey on June 26, 2019 oss
Oliver Milke of Cloudogu provides tips to strengthen your DevSecOps toolchain. He also points out two potential weaknesses that might lurk inside, too.

Achieving a Managed State Model For Your Software Supply Chain

Secure software development processes share attributes with other human endeavors such as cooking, reading, and sports, says Santi Mulukutla of Sonatype.

DevSecOps: Security at the Speed of DevOps

By Katie McCaskey on June 18, 2019 devsecops
Larry Maccherone of Comcast shares his DevSecOps Manifesto and strategies he's used to foster the cultural change necessary to implement DevSecOps.

Malicious Code Injection Strikes Again as npm Foils $13M Cryptocurrency Theft

By Derek Weeks on June 07, 2019 vulnerabilities
The latest attempt at a cryptocurrency heist demonstrates how open source software components are used throughout the cryptocurrency ecosystem.

From Burping to Flying - Red Teaming with Nexus at Intuit

By Mark Henke on May 24, 2019 devsecops
Security is too important to leave out of DevOps. Learn why, and how to unite the two, from Shannon Lietz's 2018 Nexus User Conference session.

The DevSecOps Equilibrium

By Derek Weeks on May 22, 2019 devsecops
Is there tension in your organization between sec, ops, and dev? In his All Day DevOps chat, Chris Corriere talks about finding the DevSecOps Equilibrium.

Alexa: What’s the Future of Cyber Security?

By Katie McCaskey on May 02, 2019 devsecops
The software supply chain connects everyone and everything, but attacks on this connected web can be blatant and overt, with damaging consequences - especially within the federal government.

Malicious Attacks On Open Source Are Going to Get Worse: Developers Need to Take Notice

By Sonal Thawani on April 19, 2019 vulnerability
Bad actors have recognized the power of open source and are now beginning to create their own attack opportunities. This new form of assault, allowing hackers to poison the well, is going to get

40 DevSecOps Reference Architectures To Learn From

By Janie Gelfond on April 04, 2019 devsecops
Scaling DevSecOps is no easy feat. There are so many ways to automate security across the SDLC that it can quickly become overwhelming. That's why we created DevSecOps Reference Architecture