Why Software Composition Analysis (SCA) Demands Precision

3 minute read time

Software Composition Analysis: Getting to the Signal Through the Noise, by 451 Research, demonstrates Sonatype's leadership in software composition analysis.
Software Composition Analysis: A Matter of Perspective (and Experience)

2 minute read time

The SCA market is young - leaving everyone wrestling with a critical question: is it a security-centric, developer-centric, or a legal-centric endeavor? At Sonatype, we believe it's all of the above.
Software Composition Analysis: Precision Definitely Matters (Just Ask Our Competitors)

3 minute read time

Just two years ago, SCA was more about helping traditional security professionals identify suspects across a broad spectrum of open source ecosystems. Much has changed since then. Today,
Malicious Intent: Open Source Developers, Please Protect Your Users

By Brian Fox on February 14, 2018 (software bill of materials)

1 minute read time

Pay attention to your own digital security as you would if you were protecting millions of others. Malicious code found in npm package conventional-changelog.
The Hijacking of a Known GitHub ID: go-bindata

By Brian Fox on February 07, 2018 (Software Supply Chain)

2 minute read time

The creator of go-bindata deleted their GitHub account, and someone else created a new account under the same name.
The Power of Data in DevSecOps

By Derek Weeks on January 28, 2018 (OSS governance)

2 minute read time

Better data improves mean times to repair in DevSecOps pipelines.
DevSecOps Goes Mainstream

By Derek Weeks on January 14, 2018 (open source governance)

1 minute read time

Traditional security techniques using ownership and control rather than trust will not work in the digital world.
How DevOps Killed the Market for Software Composition Analysis

By Matt Howard on February 28, 2017 (Application Security)

1 minute read time

SCA tools are waterfall-native by design. It is impossible to integrate SCA security controls into DevOps-native workflows in an automated and scalable way.