Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

SHARE:

Sonatype_Blog_Logo_White
DroneDelivery
READ MORE

Advancing Application Delivery

By Derek Weeks on September 17, 2019 AppSec

3 minute read time

Swati Shah of US Bank describes the steps required to implement Continuous Delivery in a regulated environment.
Read More...
GettyImages-529054441
READ MORE

New Micro Focus, Sonatype Partnership Provides 360 Degree View of AppSec

By Michelle Dufty on September 11, 2019 AppSec

2 minute read time

The need to understand both custom and open source code, in a holistic way, is exactly why Micro Focus and Sonatype have come together in partnership.
Read More...
GettyImages-867236268
READ MORE

The Three R’s of Software Supply Chains: Reject, Replace, and Respond

By Curtis Yanko on September 09, 2019 devops best practices

7 minute read time

OWASP A9 has been around for over 6 years now. These three R's helps enterprise security manage their software supply chains: Reject, Replace, Respond.
Read More...
BrokenWall
READ MORE

Security Should Stop Being a Drag

By DJ Schleen on September 06, 2019 deployment

3 minute read time

An application should withstand automated, manual, or user testing. Security vulnerabilities, although extremely important, are in reality non-functional.
Read More...
GettyImages-1035213106
READ MORE

DevSecOps & Chaos Engineering: Knowing the Unknown

By Derek Weeks on September 04, 2019 software testing

2 minute read time

Aaron Rinehart (@aaronrinehart) dives into chaos engineering: what it is, why you need it, and how you can implement it in your organization.
Read More...
GettyImages-1058615028
READ MORE

Take This Interactive DevSecOps Reference Architecture For a Test Drive

By Katie McCaskey on August 30, 2019 reference architecture

2 minute read time

An interactive DevSecOps reference architecture illustrates manual and automated processes, plus interactions between systems, stakeholders, and security.
Read More...
GettyImages-674906266
READ MORE

Sonatype Users Reveal the Benefits of Automated DevSecOps

By IT Central Station on August 28, 2019 devsecops

4 minute read time

IT Central Station gathered unbiased reviews for Sonatype Nexus Lifecycle and Nexus Repository to find out what users had to say about these DevSecOps products.
Read More...
GettyImages-1066260550
READ MORE

Success Requires Reflection on DevSecOps Failures

By DJ Schleen on August 23, 2019 DevOps Culture

4 minute read time

There are so many books on how to succeed, but none about the major challenges and headaches that will ultimately occur when beginning a DevSecOps journey.
Read More...
GettyImages-1137632555
READ MORE

Continuous Authorization with DevSecOps

By Katie McCaskey on August 06, 2019 devsecops

3 minute read time

Continuous Authentication is a dynamic process that examines attributes that change and continually validates them. Hasan Yasar explains the DevSecOps fit.
Read More...