Critical New 0-day Vulnerability in Popular Log4j Library Discovered | Read Blog

Featured Article

PyPI Flooded with 1,275 Dependency Confusion Packages

By Ax Sharma on January 24, 2022 vulnerabilities

Popular Python open source software repository, PyPI has been flooded with over 1,200 dependency confusion packages by the same actor.

Read More...

SHARE:

Sonatype_Blog_Logo_White
READ MORE

Nexus Vulnerability Scanner: Getting Started with Vulnerability Analysis

By Omkar Hiremath on March 26, 2020 vulnerabilities
Nexus Vulnerability Scanner is a free tool that scans your application for vulnerabilities and reports on its analysis.
Read More...
READ MORE

OWASP Security Knowledge Framework

By Daniel Longest on March 24, 2020 security
OWASP's security knowledge framework (SKF) is a method to help web and app developers establish best practices at each stage of product development.
Read More...
SAST, DAST, CSA, OSSM, SCA
READ MORE

Four Common Security Acronyms Explained

By DJ Schleen on March 02, 2020 security
SAST, DAST, CSA, OSSM, SCA? What do these acronyms mean, what exactly do they do, and why does it matter?
Read More...
enterprise security
READ MORE

What Does the New CVSS 3.1 Scoring Model Mean for Enterprise Security?

By Ax Sharma on February 17, 2020 vulnerabilities
Learn how CVSS 3.1 is different from earlier versions and why changes to this security rating matters.
Read More...
GettyImages-674906266
READ MORE

Are You a Fool with a Tool?

By DJ Schleen on November 22, 2019 security
Buckminster Fuller cautioned against prioritizing tools. DevOps should always include discussions of culture, strategy, and process for the best outcomes.
Read More...
GettyImages-1075234744-1
READ MORE

Why Does Security Matter For DevOps?

By Derek Weeks on October 01, 2019 security
Caroline Wong (@CarolineWMWong) explains why organizations that use DevOps are 2X more likely to succeed than peers.
Read More...
GettyImages-1138004657-1
READ MORE

A More Secure Web Needs Developers, Defenders, Advocates, and OSS

By Katie McCaskey on September 13, 2019 security
The largest gathering of Infosec professionals met in Washington, D.C. to discuss the future of web security. Open source software is at the core of it.
Read More...
GettyImages-1075234744
READ MORE

Security Organizations Need to Start Thinking Like Developers

By DJ Schleen on July 30, 2019 security
Developers must think more securely, and security teams need to learn more development skills. Cross-discipline awareness strengthens software development.
Read More...
GettyImages-1061671834
READ MORE

Blue by Default

By Katie McCaskey on July 29, 2019 security
Aubrey Stearn (@auberryberry) explains DevOps security approach Blue by Default. Security practices move prior to testing and delivery to ensure focus.
Read More...
Twitter LinkedIn Facebook YouTube GitHub
Products
Free Tools
Solutions
Resources
Customer Portal
Company
SON_logo_white@2x copy trimmed

Sonatype Headquarters - 8161 Maple Lawn Blvd #250, Fulton, MD 20759

Tysons Office - 8281 Greensboro Drive – Suite 630, McLean, VA 22102

Australia Office - 60 Martin Place Level 1, Sydney, NSW 2000, Australia

London Office -168 Shoreditch High Street, E1 6HU London

Copyright © 2008-present, Sonatype Inc. All rights reserved. Includes the third-party code listed here. Sonatype and Sonatype Nexus are trademarks of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation. All other trademarks are the property of their respective owners.

Terms of Service    Privacy Policy    Event Terms and Conditions   Do Not Sell My Personal Information