Featured Article

Top 10 open source projects hit by HTTP/2 'Rapid Reset' zero-day

By Ax Sharma on October 12, 2023 vulnerability

Discover ten open source packages affected by the HTTP/2 Rapid Reset vulnerability, disclosed by Cloudflare this week

Read More

Better software development: Insights from the SBOM Scorecard

By Omar Torres on June 08, 2023 AppSec

2 minute read time

Data Insights– a look at Sonatype's SBOM scorecard.

Read More...

How to convert your SBOM between SPDX and CycloneDX formats

By Aaron Linskens on April 21, 2023 secure software supply chain

7 minute read time

A step-by-step guide on how to convert between SBOM formats using tooling from the official repositories of SPDX and CycloneDX.

Read More...

Sonatype's SBOM generation capabilities outpace the competition

By Audra Davis-Hurst on March 22, 2023 secure software supply chain

8 minute read time

Better data, a dedicated security team, and the analytical capabilities of BOM Doctor are all part of what makes Sonatype's SBOM capabilities superior.

Read More...

Comparing SBOM standards: SPDX vs. CycloneDX

By Luke Mcbride on February 17, 2023 software bill of materials

7 minute read time

Do you know which format for generating a software bill of materials (SBOM) is the best option for your organization? A look at the two leading standards.

Read More...

5 tools to automate SBOM creation

By Eddie Knight on February 13, 2023 agile development

6 minute read time

A look at five different tools that can be integrated into your development workflow to automatically generate a software bill of materials (SBOM).

Read More...

Illustrated picture of lightning bults with skulls raining down on 3 umbrellas

EU Cyber Resilience Act: Good for software supply chain security, bad for open source?

By Brian Fox on December 22, 2022 secure software supply chain

10 minute read time

The Cyber Resilience Act is the European Union's proposed regulation to combat threats affecting any digital entity. What does that mean for open source?

Read More...

Woman interacting with a floating display

Open source best practices for higher quality code to fundamentally strengthen your project

By Aaron Linskens on November 09, 2022 Open Source

8 minute read time

A look at some basic practices for higher quality code to help fundamentally strengthen your project.

Read More...

Using a Software Bill of Materials (SBOM) is Going Mainstream

By Curtis Yanko on June 04, 2020 software bill of materials

2 minute read time

Crazy: OWASP A9 is about to turn seven and the DevSecOps Community Survey shows less than half of organizations can produce a Software Bill of Materials.

Read More...

UPDATE: 21 SaltStack Breaches with 2,900 Still Vulnerable

By Derek Weeks on May 31, 2020 vulnerabilities

6 minute read time

When a vulnerability is announced in an open source project, ask immediately: have we ever used that open source component, and (if yes) where is it?

Read More...

Top 10 open source projects hit by HTTP/2 'Rapid Reset' zero-day

Better software development: Insights from the SBOM Scorecard

How to convert your SBOM between SPDX and CycloneDX formats

Sonatype's SBOM generation capabilities outpace the competition

Comparing SBOM standards: SPDX vs. CycloneDX

5 tools to automate SBOM creation

EU Cyber Resilience Act: Good for software supply chain security, bad for open source?

Open source best practices for higher quality code to fundamentally strengthen your project

Using a Software Bill of Materials (SBOM) is Going Mainstream

UPDATE: 21 SaltStack Breaches with 2,900 Still Vulnerable

Secure your software supply chain

Subscribe for all the latest software security news and events