Sonatype named a leader in The Forrester Wave™ for software composition analysis

By Tara Flynn Condon on June 15, 2023 Forrester

3 minute read time

The Sonatype platform named a Leader in the 2023 Forrester Wave for SCA.
Prioritizing open source vulnerabilities: Is reachability useful?

By Stephen Magill on December 06, 2021 Open Source

8 minute read time

Good software composition analysis (SCA) can reduce open source risk, but poor results slow development. Can prioritization based on reachability help?
Return on investment in software composition analysis (SCA)?

By IT Central Station on August 20, 2021 license risk

4 minute read time

Having become a more standard part of the software development process, SCA is increasingly taken for granted as worth the investment, but is it?
Effective tools for software composition analysis (SCA)

By IT Central Station on July 14, 2021 license risk

4 minute read time

Better developer tools for the software supply chain mean a faster, more effective team.
Why high-quality data is critical for effective software composition analysis (SCA)

4 minute read time

A secure software supply chain requires higher quality data.
Considering Sonatype Auditor? You should, but know these things first

By Kadi Grigg on June 25, 2020 JIRA

3 minute read time

Nexus Auditor, in the right use case, is a solid, cost-effective solution. Is Nexus Auditor the solution for you? Maybe, maybe not. Here's how to find out.
Octopus Scanner Compromises 26 OSS Projects on GitHub

By Brian Fox on May 31, 2020 #OSSsecurity

3 minute read time

The Octopus Scanner malware compromised 26 open source projects hosted on GitHub in a new form of software supply chain attack targeting NetBeans projects.
Real Talk: What Users Really Look For in a Software Composition Analysis (SCA) Solution

By Alyssa Shames on May 12, 2020 AppSec

4 minute read time

Real users explain what you should demand from your SCA tools, including visibility through an SBOM, continuous monitoring, and the ability to scan apps.
Your Guide to AppSec Tools: SAST or SCA?

By Alyssa Shames on April 16, 2020 AppSec

4 minute read time

Software composition analysis speeds time to innovation by automating manual open source governance processes that are prone to errors.