One in Six Developers in Healthcare Report Open Source Breaches | Press Release

blog-logo Sonatype Blog

UPDATE: 21 SaltStack Breaches with 2,900 Still Vulnerable

By Derek Weeks on May 31, 2020 vulnerabilities
When a vulnerability is announced in an open source project, ask immediately: have we ever used that open source component, and (if yes) where is it?
Read More...

Tanya Janca is "Big Fan of SCA" [VIDEO]

By Zack Conord on May 15, 2020 devsecops
Zack Conord interviews Tanya Janca of SheHacksPurple about her new business and why she's eager to teach software composition analysis.
Read More...

Real Talk: What Users Really Look For in a Software Composition Analysis (SCA) Solution

By Alyssa Shames on May 12, 2020 AppSec
Real users explain what you should demand from your SCA tools, including visibility through an SBOM, continuous monitoring, and the ability to scan apps.
Read More...

Your Guide to AppSec Tools: SAST or SCA?

By Alyssa Shames on April 16, 2020 AppSec
Software composition analysis speeds time to innovation by automating manual open source governance processes that are prone to errors.
Read More...

Why Software Composition Analysis (SCA) Demands Precision

Software Composition Analysis: Getting to the Signal Through the Noise, by 451 Research, demonstrates Sonatype's leadership in software composition analysis.
Read More...

Software Composition Analysis: Precision Definitely Matters (Just Ask Our Competitors)

Just two years ago, SCA was more about helping traditional security professionals identify suspects across a broad spectrum of open source ecosystems. Much has changed since then. Today,
Read More...