Prioritizing Open Source Vulnerabilities: Is Reachability Useful?

By Stephen Magill on December 06, 2021 Open Source

8 minute read time

Good software composition analysis (SCA) can reduce open source risk, but poor results slow development. Can prioritization based on reachability help?

Return on Investment in Software Composition Analysis?

By IT Central Station on August 20, 2021 Nexus Lifecycle

4 minute read time

Having become a more standard part of the software development process, SCA is increasingly taken for granted as worth the investment, but is it?

Effective Tools for Software Composition Analysis

By IT Central Station on July 14, 2021 Nexus Lifecycle

4 minute read time

Better developer tools for the software supply chain mean a faster, more effective team. Sonatype customers share the tools that help them move faster and with less risk.

Why High-Quality Data is Critical for Effective Software Composition Analysis

4 minute read time

A secure software supply chain requires higher quality data. Sonatype customers share why its software composition analysis intelligence means greater confidence that real vulnerabilities will be

Considering Nexus Auditor? You Should, But Know These Things First

By Kadi Grigg on June 25, 2020 JIRA

3 minute read time

Nexus Auditor, in the right use case, is a solid, cost-effective solution. Is Nexus Auditor the solution for you? Maybe, maybe not. Here's how to find out.

Octopus Scanner Compromises 26 OSS Projects on GitHub

By Brian Fox on May 31, 2020 #OSSsecurity

3 minute read time

The Octopus Scanner malware compromised 26 open source projects hosted on GitHub in a new form of software supply chain attack targeting NetBeans projects.

Real Talk: What Users Really Look For in a Software Composition Analysis (SCA) Solution

By Alyssa Shames on May 12, 2020 AppSec

4 minute read time

Real users explain what you should demand from your SCA tools, including visibility through an SBOM, continuous monitoring, and the ability to scan apps.

Your Guide to AppSec Tools: SAST or SCA?

By Alyssa Shames on April 16, 2020 AppSec

4 minute read time

Software composition analysis speeds time to innovation by automating manual open source governance processes that are prone to errors.

Win a $100 Gift Card: Take a Brief Survey on Software Composition Analysis

By Shade Solon on September 20, 2019 github

2 minute read time

If you are excited about GitHub Actions, and want to understand the open source dependencies in your software, fill out this survey for a chance to win.