Sonatype Blog

Software Composition Analysis: Precision Definitely Matters (Just Ask Our Competitors)

As we gear up to release the 2018 edition of the State of the Software Supply Chain Report, I've been reflecting on the growing market for Software


Malicious Intent: Open Source Developers, Please Protect Your Users

By Brian Fox on February 14, 2018 software bill of materials

For the second time in as many weeks we’re seeing the fallout of missteps taken by publishers of open source components. It was just last week that I wrote


The Hijacking of a Known GitHub ID: go-bindata

By Brian Fox on February 07, 2018 Software Supply Chain

This morning, the creator of go-bindata deleted their GitHub account and someone else created a new account under the same name. When open source is at


The Power of Data in DevSecOps

By Derek Weeks on January 28, 2018 OSS governance

“In God we trust. All others must bring data.” – W. Edwards Deming


DevSecOps Goes Mainstream

By Derek Weeks on January 14, 2018 open source governance

Gartner recently posted their Top 10 Strategic Technology Trends for 2018 and DevSecOps practices made the list.

Here's what they said, "Traditional


How DevOps Killed the Market for Software Composition Analysis

By Matt Howard on February 28, 2017 Application Security

The niche market for Software Composition Analysis (SCA) tools has died. The culprit: DevOps.

In today's world, developers are king. Innovation is the
