How to better navigate the world of DevSecOps with Sonatype and Saltworks Security

By Tanya Feghali on July 28, 2020 Open Source

3 minute read time

Sonatype and Saltworks talk about how to deliver higher quality software faster while securely taking advantage of everything open source has to offer.

Getting Your Security Program to Shift Left: Operationalizing Security Controls via DevSecOps

By Daniel Longest on May 21, 2020 shift left

3 minute read time

Map the automation opportunities into your software development lifecycle as part of coordinated strategies to shift security left.

Ryan Lockard Names the Seven Deadly Sins of DevSecOps [VIDEO]

By Mark Miller on April 02, 2020 AppSec

1 minute read time

Failures are an opportunity to reflect, inspect, and improve DevSecOps practices every day. Which of these have you experienced, and what did you learn?

Sladjana Jovanovic and Bill McArthur Move Silos to Communities [VIDEO]

By Mark Miller on March 19, 2020 AppSec

2 minute read time

When we break down the barriers to communication and collaboration, we thrive as humans and as organizations. Sladjana Jovanovic shares her experiences.

Why Manual Verification Still Matters

By Peter Morlion on March 10, 2020 AppSec

4 minute read time

We continuously hear the benefits of automation. Jeroen Willemsen explains why we still need to perform manual checks.

For Distributed Teams, It’s Not All About the Tools

By Mark Kilby on February 26, 2020 Teamwork

4 minute read time

A great distributed team starts with people with strong collaboration skills. The team needs time to understand each other's preferences to deliver value.

Larry Maccherone Says Pixie Dust Security is an Epic Failure [VIDEO]

By Mark Miller on February 18, 2020 AppSec

1 minute read time

A fundamental DevSecOps failure, according to Comcast's Larry Maccherone, is believing that a sprinkle of pixie dust makes a completed application secure.

What Does the New CVSS 3.1 Scoring Model Mean for Enterprise Security?

By Ax Sharma on February 17, 2020 vulnerabilities

3 minute read time

Learn how CVSS 3.1 is different from earlier versions and why changes to this security rating matter.

Get the Latest DevSecOps Reference Architecture

By DJ Schleen on February 13, 2020 reference architecture

2 minute read time

Based on community feedback, the 2020 DevSecOps Reference Architecture now includes continuous education, mobile delivery, and rearrangement of controls.