Sonatype Selected by Equifax to Support OS Governance Press Release

blog-logo Sonatype Blog

Take This Interactive DevSecOps Reference Architecture For a Test Drive

By Katie McCaskey on August 30, 2019 reference architecture
An interactive DevSecOps reference architecture illustrates manual and automated processes, plus interactions between systems, stakeholders, and security.
Read More...

Sonatype Users Reveal the Benefits of Automated DevSecOps

By IT Central Station on August 28, 2019 devsecops
IT Central Station gathered unbiased reviews for Sonatype Nexus Lifecycle and Nexus Repository to find out what users had to say about these DevSecOps products.
Read More...

Success Requires Reflection on DevSecOps Failures

By DJ Schleen on August 23, 2019 DevOps Culture
There are so many books on how to succeed, but none about the major challenges and headaches that will ultimately occur when beginning a DevSecOps journey.
Read More...

Continuous Authorization with DevSecOps

By Katie McCaskey on August 06, 2019 devsecops
Continuous Authentication is a dynamic process that examines attributes that change and continually validates them. Hasan Yasar explains the DevSecOps fit.
Read More...

Security Organizations Need to Start Thinking Like Developers

By DJ Schleen on July 30, 2019 security
Developers must think more securely, and security teams need to learn more development skills. Cross-discipline awareness strengthens software development.
Read More...

Blue by Default

By Katie McCaskey on July 29, 2019 security
Aubrey Stearn (@auberryberry) explains DevOps security approach Blue by Default. Security practices move prior to testing and delivery to ensure focus.
Read More...

Free Software, But No Free Lunch

By Katie McCaskey on July 25, 2019 security
Today's threat surface is the software itself. How can Fortune 100 companies and others protect themselves? One security practice is counterintuitive.
Read More...

PyPi 'Cheese Shop' Malware Illustrates Software Supply Chain Risk Vector

By Katie McCaskey on July 22, 2019 dependency injection
Malicious actors circumvented the PyPI package repo manager, a classic case demonstrating why understanding open source code dependencies is critical.
Read More...

DevSecOps Without Compromise

By Katie McCaskey on June 26, 2019 oss
Oliver Milke of Cloudogu provides tips to strengthen your DevSecOps toolchain. He also points out two potential weaknesses that might lurk inside, too.
Read More...