Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

SHARE:

Sonatype_Blog_Logo_White
Apple held up next to an orange
READ MORE

Comparing SBOM standards: SPDX vs. CycloneDX

By Luke Mcbride on February 17, 2023 software bill of materials

7 minute read time

Do you know which format for generating a software bill of materials (SBOM) is the best option for your organization? A look at the two leading standards.
Read More...
READ MORE

5 tools to automate SBOM creation

By Eddie Knight on February 13, 2023 agile development

6 minute read time

A look at five different tools that can be integrated into your development workflow to automatically generate a software bill of materials (SBOM).
Read More...
Illustrated picture of lightning bults with skulls raining down on 3 umbrellas
READ MORE

EU Cyber Resilience Act: Good for software supply chain security, bad for open source?

By Brian Fox on December 22, 2022 secure software supply chain

10 minute read time

The Cyber Resilience Act is the European Union's proposed regulation to combat threats affecting any digital entity. What does that mean for open source?
Read More...
Woman interacting with a floating display
READ MORE

Open source best practices for higher quality code to fundamentally strengthen your project

By Aaron Linskens on November 09, 2022 Open Source

8 minute read time

A look at some basic practices for higher quality code to help fundamentally strengthen your project.
Read More...
documentation
READ MORE

Using a software bill of materials (SBOM) is going mainstream

3 minute read time

Crazy: OWASP A9 is about to turn seven and the DevSecOps Community Survey shows less than half of organizations can produce a Software Bill of Materials.
Read More...
READ MORE

Update: 21 SaltStack breaches with 2,900 still vulnerable

By Derek Weeks on May 31, 2020 vulnerabilities

7 minute read time

When a vulnerability is announced in an open source project, ask immediately: have we ever used that open source component, and (if yes) where is it?
Read More...
GettyImages-1069360792
READ MORE

Gartner: Mitigate Risk by Hardening the Software Supply Chain

By Katie McCaskey on December 12, 2019 Sonatype Nexus

5 minute read time

As Gartner explains, key to mitigating open source risk, is a hardened software supply chain. But, where do you start?
Read More...
GettyImages-1092924294
READ MORE

Why You Need a Software Bill of Materials More Than Ever

By Katie McCaskey on December 05, 2019 software bill of materials

5 minute read time

Enterprises need to know what open source components are in their software at all times. If you don't have a software bill of materials, you're already behind.
Read More...