Sonatype Delivers Premium Open Source Controls to GitHub | Press Release

Sonatype Blog

In the Dark about Software Supply Chain Vulnerabilities

By Matt Howard on May 16, 2019 vulnerability
The Barium attacks, revealed earlier this month, highlight new, pervasive tactics that are exceptionally dangerous.

Alexa: What’s the Future of Cyber Security?

By Katie McCaskey on May 02, 2019 devsecops
The software supply chain connects everyone and everything, but attacks on this connected web can be blatant and overt, with damaging consequences - especially within the federal government.

US Energy and Commerce Committee: 6 Strategies for Modern Cybersecurity Risks

By Ilkka Turunen on December 18, 2018 software bill of materials
On the 12th of December, the Subcommittee on Oversight and Investigations released an additional report identifying the core strategies organisations can take to address modern cybersecurity risks.

The Weakest Link Might be Your Supply Chain: Just Ask The Pentagon

By Matt Howard on August 13, 2018 devsecops
Whether you’re talking about software applications, or national security, there is an imminent need to better understand who you’re doing business with, and what’s coming into your house.

What can we learn from 200 Billion JavaScript downloads

By Derek Weeks on February 08, 2018 Javascript
JavaScript packages downloaded from the npm repository now top 200 billion downloads annually. We dissect what that means for the open source community.

Strengthening Software Supply Chains for Everyone: Why Grafeas is a Great Idea

By Brian Fox on October 17, 2017 Nexus Lifecycle
In keeping with our long-standing commitment to open innovation, Sonatype is excited to add unique value to the Grafeas community so organizations everywhere can automatically strengthen and secure