Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

SHARE:

Sonatype_Blog_Logo_White
READ MORE

Sonatype Lifecycle enhancements boost speed, security, and productivity

6 minute read time

Sonatype Lifecycle’s new feature enhancements elevate security posture, developer productivity, and operational excellence. Read on for the full details.
Read More...
READ MORE

Manage open source risk with improved malware detection

5 minute read time

Malware targeting developers remains a major concern. Learn what your organization can do to keep cybersecurity risks out of your development pipeline.
Read More...
READ MORE

Sonatype's SBOM generation capabilities outpace the competition

8 minute read time

Better data, a dedicated security team, and the analytical capabilities of BOM Doctor are all part of what makes Sonatype's SBOM capabilities superior.
Read More...
READ MORE

What is hashing? A look at unique identifiers in software

10 minute read time

Get a handle on software security with these odd-looking but very accessible tools to help sort good from bad on the internet.
Read More...
READ MORE

Transitioning your software supply chain management (SSCM) to the cloud

By Omar Torres on February 22, 2023 secure software supply chain

6 minute read time

Transitioning from self-hosted services to managed cloud can be difficult. A look at some of the considerations around SSCM migrations.
Read More...
READ MORE

Is cyber liability insurance a moral hazard in the US?

By Brian Fox on February 22, 2023 secure software supply chain

8 minute read time

Sonatype CTO and co-founder, Brian Fox, shares his thoughts on the developing role of cyber liability insurance in software supply chain management.
Read More...
READ MORE

Are unnecessary vulnerabilities polluting your software supply chain?

7 minute read time

As malicious software supply chain attacks continue to evolve, so do the ways that bad actors exploit vulnerable libraries.
Read More...
READ MORE

The shifting landscape of open source supply chain attacks - Part 3

By Brian Fox on January 26, 2023 thought leaders

12 minute read time

Brian Fox shares insights on who’s responsible for the security of software supply chains, and how orgs can minimize impact on efficiency and speed.
Read More...
READ MORE

The shifting landscape of open source supply chain attacks - Part 2

By Brian Fox on January 25, 2023 thought leaders

11 minute read time

Sonatype's Brian Fox delves into how bad actors and cybercriminals are attacking the software supply chain, and how cyberattacks continue to evolve.
Read More...