
Sonatype Blog

DevSecOps In The Age Of Containers

By Curtis Yanko on March 30, 2018 devsecops

Earlier this year I wrote a two part series called CI In The Age Of Containers - Part 1 & Part 2. My original goal was to explore the impact containers might


The Hijacking of a Known GitHub ID: go-bindata

By Brian Fox on February 07, 2018 npmgate

This morning, the creator of go-bindata deleted their GitHub account and someone else created a new account under the same name. When open source is at


Ann Winblad Reflects: The Rise of Software

By Derek Weeks on January 04, 2018 Software Supply Chain

Ann Winblad started her own software business when most people didn’t know what software was. It was 1976, and she borrowed $500 from her brother. Six years


Struts2 Vulnerability Cracks Equifax

By Derek Weeks on September 09, 2017 struts2

Four days ago, we saw a critical vulnerability in Struts2 that would leave web applications vulnerable to remote execution of code and enable direct access


The Trump White House Takes Aim at Cybersecurity

By Derek Weeks on May 12, 2017 Cybersecurity

“The executive branch has for too long accepted antiquated and difficult–to-defend IT”, declared President Donald Trump in a new Executive Order released on


DevSecOps: Eat Carrots, Not Cupcakes

By Derek Weeks on March 23, 2017 Software Supply Chain

You Are What You Eat.

When it comes to food, we all know what’s considered “good” and what’s “bad”.


Struts2 Exploited Again. Did Anyone Bother to Tell You?

By Brian Fox on March 10, 2017 oss

This week we saw the announcement of yet another Struts 2 Remote Code Exploit (RCE) vulnerability. What's notable about this instance is that POC code seems


DevSecOps: Better Software, Faster

By Derek Weeks on February 08, 2017 repository health check

“The big problems are where people don't realize they have one in the first place.” - W. Edwards Deming, patron saint of DevOps.


LEGO, Death Stars, and Millennium Falcons, Oh My

By Jeffrey Wayman on January 18, 2017 legos

Summary: Sonatype now offers a new revolutionary way to instantly give your teams access to vulnerability, license, and quality related data for the