Sonatype Selected by Equifax to Support OS Governance Press Release

Sonatype Blog

Software Composition Analysis: Precision Definitely Matters (Just Ask Our Competitors)

As we gear up to release the 2018 edition of the State of the Software Supply Chain Report, I've been reflecting on the growing market for Software


Malicious Intent: Open Source Developers, Please Protect Your Users

By Brian Fox on February 14, 2018. Category: software bill of materials

For the second time in as many weeks we’re seeing the fallout of missteps taken by publishers of open source components. It was just last week that I wrote


The Hijacking of a Known GitHub ID: go-bindata

By Brian Fox on February 07, 2018. Category: Software Supply Chain

This morning, the creator of go-bindata deleted their GitHub account and someone else created a new account under the same name. When open source is at


The Power of Data in DevSecOps

By Derek Weeks on January 28, 2018. Category: OSS governance

“In God we trust. All others must bring data.” – W. Edwards Deming


DevSecOps Goes Mainstream

By Derek Weeks on January 14, 2018. Category: open source governance

Gartner recently posted their Top 10 Strategic Technology Trends for 2018 and DevSecOps practices made the list.

Here's what they said, "Traditional


How DevOps Killed the Market for Software Composition Analysis

By Matt Howard on February 28, 2017. Category: Application Security

The niche market for Software Composition Analysis (SCA) tools has died. The culprit: DevOps.

In today's world, developers are king. Innovation is the