SCA and SAST: What Do They Do and How Can They Help Developers Like You?

By Theresa Mammarella on January 03, 2023 AppSec

5 minute read time

SCA and SAST tools help DevSecOps teams and application developers work together to identify vulnerabilities and improve security.

What do Log4Shell and a Global Pandemic Have in Common?

By Theresa Mammarella on November 15, 2022 AppSec

4 minute read time

A look at development through the lens of weddings, including long-term planning, contingencies, and disasters. A video talk from this year's DEVOXX.

The Magic Behind Over 101,000 Malicious Packages Discovered and Blocked

By Chris Good on November 08, 2022 Nexus Firewall

3 minute read time

A look at how Sonatype software is protecting development teams and software with industry-leading tools.

Setting Boundaries: How Procurement Relates to Security (Part 1)

By Michael Griffin on August 24, 2022 News and Views

4 minute read time

Whether your organization calls it purchasing, requisition, bidding, or business operations, not managing what comes into your company can be expensive.

What Constitutes a Software Supply Chain Attack?

By Ax Sharma on August 03, 2021 vulnerabilities

6 minute read time

ENISA feels the term software supply chain attack is overused, so what does constitute a supply chain attack?

How to Better Navigate the World of DevSecOps with Sonatype and Saltworks Security

By Tanya Feghali on July 28, 2020 Open Source

2 minute read time

Sonatype and Saltworks talk about how to deliver higher quality software faster while securely taking advantage of everything open source has to offer.

"WTF is DevSecOps?"

By Elizabeth Kathure on May 27, 2020 devsecops

3 minute read time

DevSecOps is a great idea. But it means security engineers, DevSecOps teams, and developers working together.

Getting Your Security Program to Shift Left: Operationalizing Security Controls via DevSecOps

By Daniel Longest on May 21, 2020 shift left

3 minute read time

Map the automation opportunities into your software development lifecycle as part of coordinated strategies to shift security left.

Ryan Lockard Names the Seven Deadly Sins of DevSecOps [VIDEO]

By Mark Miller on April 02, 2020 AppSec

1 minute read time

Failures are an opportunity to reflect, inspect, and improve DevSecOps practices every day. Which of these have you experienced, and what did you learn?