Sonatype Unveils Full-Spectrum Software Supply Chain Management | Press Release

Effective Tools for Software Composition Analysis

By IT Central Station on July 14, 2021 Nexus Lifecycle
Better developer tools for the software supply chain mean a faster, more effective team. Sonatype customers share the tools that help them move faster and with less risk.

Why High-Quality Data is Critical for Effective Software Composition Analysis

A secure software supply chain requires higher-quality data. Sonatype customers share why its software composition analysis intelligence means greater confidence that real vulnerabilities will be

Considering Nexus Auditor? You Should, But Know These Things First

By Kadi Grigg on June 25, 2020 JIRA
Nexus Auditor, in the right use case, is a solid, cost-effective solution. Is Nexus Auditor the solution for you? Maybe, maybe not. Here's how to find out.

Octopus Scanner Compromises 26 OSS Projects on GitHub

By Brian Fox on May 31, 2020 #OSSsecurity
The Octopus Scanner malware compromised 26 open source projects hosted on GitHub in a new form of software supply chain attack targeting NetBeans projects.

Real Talk: What Users Really Look For in a Software Composition Analysis (SCA) Solution

By Alyssa Shames on May 12, 2020 AppSec
Real users explain what you should demand from your SCA tools, including visibility through an SBOM, continuous monitoring, and the ability to scan apps.

Your Guide to AppSec Tools: SAST or SCA?

By Alyssa Shames on April 16, 2020 AppSec
Software composition analysis speeds time to innovation by automating manual open source governance processes that are prone to errors.

Win a $100 Gift Card: Take a Brief Survey on Software Composition Analysis

By Shade Solon on September 20, 2019 github
If you are excited about GitHub Actions, and want to understand the open source dependencies in your software, fill out this survey for a chance to win.

Why Software Composition Analysis (SCA) Demands Precision

Software Composition Analysis: Getting to the Signal Through the Noise, by 451 Research, demonstrates Sonatype's leadership in software composition analysis.

Software Composition Analysis: A Matter of Perspective (and Experience)

The SCA market is young - leaving everyone wrestling with a critical question: is it a security-centric, developer-centric, or a legal-centric endeavor? At Sonatype, we believe it's all of the above.