Featured Article

Introducing Our 8th Annual State of the Software Supply Chain Report

By Stephen Magill on October 18, 2022 State of the Software Supply Chain

Announcing the arrival of our 8th Annual State of the Software Supply Chain Report looking at managing open source security, industry trends, and more.

Read More

SHARE:

Sonatype_Blog_Logo_White
READ MORE

Getting Started with Your Nexus Vulnerability Analysis | Sonatype

By Omkar Hiremath on March 26, 2020 vulnerabilities

7 minute read time

Nexus Vulnerability Scanner is a free tool that scans your application for vulnerabilities and reports on its analysis.
Read More...
READ MORE

OWASP Security Knowledge Framework

By Daniel Longest on March 24, 2020 security

4 minute read time

OWASP's security knowledge framework (SKF) is a method to help web and app developers establish best practices at each stage of product development.
Read More...
SAST, DAST, CSA, OSSM, SCA
READ MORE

Four Common Security Acronyms Explained

By DJ Schleen on March 02, 2020 security

4 minute read time

SAST, DAST, CSA, OSSM, SCA? What do these acronyms mean, what exactly do they do, and why does it matter?
Read More...
enterprise security
READ MORE

What Does the New CVSS 3.1 Scoring Model Mean for Enterprise Security?

By Ax Sharma on February 17, 2020 vulnerabilities

3 minute read time

Learn how CVSS 3.1 is different from earlier versions and why changes to this security rating matters.
Read More...
GettyImages-674906266
READ MORE

Are You a Fool With a Tool?

By DJ Schleen on November 22, 2019 security

3 minute read time

Buckminster Fuller cautioned against prioritizing tools. DevOps should always include discussions of culture, strategy, and process for the best outcomes.
Read More...
GettyImages-1075234744-1
READ MORE

Why Does Security Matter For DevOps?

By Derek Weeks on October 01, 2019 security

4 minute read time

Caroline Wong (@CarolineWMWong) explains why organizations that use DevOps are 2X more likely to succeed than peers.
Read More...
GettyImages-1138004657-1
READ MORE

A More Secure Web Needs Developers, Defenders, Advocates, and OSS

By Katie McCaskey on September 13, 2019 security

2 minute read time

The largest gathering of Infosec professionals met in Washington, D.C. to discuss the future of web security. Open source software is at the core of it.
Read More...
GettyImages-1075234744
READ MORE

Security Organizations Need to Start Thinking Like Developers

By DJ Schleen on July 30, 2019 security

2 minute read time

Developers must think more securely, and security teams need to learn more development skills. Cross-discipline awareness strengthens software development.
Read More...
GettyImages-1061671834
READ MORE

Blue by Default

By Katie McCaskey on July 29, 2019 security

3 minute read time

Aubrey Stearn (@auberryberry) explains DevOps security approach Blue by Default. Security practices move prior to testing and delivery to ensure focus.
Read More...
Twitter LinkedIn Facebook YouTube GitHub
Products
Free Tools
Solutions
Resources
Customer Portal
Company
SON_logo_white@2x copy trimmed

Sonatype Headquarters - 8161 Maple Lawn Blvd #250, Fulton, MD 20759

Tysons Office - 8281 Greensboro Drive – Suite 630, McLean, VA 22102

Australia Office - 60 Martin Place Level 1, Sydney, NSW 2000, Australia

London Office -168 Shoreditch High Street, E1 6HU London

Subscribe for all the latest software security news and events

Copyright © 2008-present, Sonatype Inc. All rights reserved. Includes the third-party code listed here. Sonatype and Sonatype Nexus are trademarks of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation. All other trademarks are the property of their respective owners.

Terms of Service    Privacy Policy    Modern Slavery Statement    Event Terms and Conditions   Do Not Sell My Personal Information