The shifting landscape of open source supply chain attacks - Part 1

By Brian Fox on January 24, 2023 thought leaders

8 minute read time

A deep dive into how modern supply chains manage problems, and how companies looking to secure their software supply chains can learn from their mistakes.
A guide to deployment models: Self-hosted, cloud, and air-gapped

6 minute read time

Which deployment option is right for your software supply chain? An analysis of the pros and cons of self-hosted, cloud, and air-gapped deployment.
Going online with the OWASP Vulnerability Management Guide Working Group

6 minute read time

The OWASP Vulnerability Management Guide (OVMG) project seeks to simplify vulnerability management into repeatable and scalable cycles.
Dependency management: Versions choice and the software supply chain

6 minute read time

The components that software developers rely upon are moving forward, but effective software supply chain management is more than being up to date.
Sonatype Lifecycle boosts open source security and dependency management

10 minute read time

Nexus Lifecycle is designed to monitor for problems at every stage of the software development life cycle (SDLC) and automatically address them.
Best practices in dependency management: Cooking a meal of gourmet code

5 minute read time

Close to 85% of every application is open source software. Better understanding your software supply chain starts with understanding dependency management.
PGP vs. sigstore: A recap of the match at Maven Central

7 minute read time

We put code-signing tools PGP and sigstore in a head-to-head match with Maven Central users to find a winner. The results may surprise you.
EU Cyber Resilience Act: Good for software supply chain security, bad for open source?

By Brian Fox on December 22, 2022 secure software supply chain

10 minute read time

The Cyber Resilience Act is the European Union's proposed regulation to combat threats affecting any digital entity. What does that mean for open source?
Cybersecurity and beyond: Why secure procurement is a must for your organization

By Michael Griffin on December 05, 2022 thought leaders

5 minute read time

Michael Griffin discusses how cybersecurity and mature procurement go hand-in-hand, and how Sonatype helps make sure that this process is secure.