Why High-Quality Data is Critical for Effective Software Composition Analysis

4 minute read time

A secure software supply chain requires higher quality data. Sonatype customers share why its software composition analysis intelligence means greater confidence that real vulnerabilities will be

UPDATE: 21 SaltStack Breaches with 2,900 Still Vulnerable

By Derek Weeks on May 31, 2020 vulnerabilities

6 minute read time

When a vulnerability is announced in an open source project, ask immediately: have we ever used that open source component, and (if yes) where is it?

Tanya Janca is "Big Fan of SCA" [VIDEO]

By Zack Conord on May 15, 2020 devsecops

3 minute read time

Zack Conord interviews Tanya Janca of SheHacksPurple about her new business and why she's eager to teach software composition analysis.

Real Talk: What Users Really Look For in a Software Composition Analysis (SCA) Solution

By Alyssa Shames on May 12, 2020 AppSec

4 minute read time

Real users explain what you should demand from your SCA tools, including visibility through an SBOM, continuous monitoring, and the ability to scan apps.

Your Guide to AppSec Tools: SAST or SCA?

By Alyssa Shames on April 16, 2020 AppSec

4 minute read time

Software composition analysis speeds time to innovation by automating manual open source governance processes that are prone to errors.

Why Software Composition Analysis (SCA) Demands Precision

3 minute read time

Software Composition Analysis: Getting to the Signal Through the Noise, by 451 Research, demonstrates Sonatype's leadership in software composition analysis.

Software Composition Analysis: Precision Definitely Matters (Just Ask Our Competitors)

3 minute read time

Just two years ago, SCA was more about helping traditional security professionals identify suspects across a broad spectrum of open source ecosystems. Much has changed since then. Today,