What is the OWASP Top 10?

By Aaron Linskens on January 12, 2024 vulnerabilities

7 minute read time

Discover the significance of OWASP in cybersecurity: what OWASP is and why it is vital for developers and organizations. Dive deeper with Sonatype.

OpenSSF responds to CISA, advocates for a multifaceted approach to software identification

By Aaron Linskens on December 18, 2023 government

5 minute read time

OpenSSF published a response to CISA's request for comment on their white paper about software identification

What goes great with SLSA? Sonatype.

By Jeff Wayman on December 06, 2023 Software Supply Chain

6 minute read time

Learn about seamless compatibility between SLSA and Sonatype products, highlighting the powerful synergy that can enhance your software security efforts

How can SLSA help secure your software supply chain?

By Jeff Wayman on December 05, 2023 Software Supply Chain

5 minute read time

Learn how Supply-chain Levels for Software Artifacts (SLSA) can help secure your software supply chain and provide a safer software development environment

The history of Maven Central and Sonatype: A journey from past to present

By Aaron Linskens on November 14, 2023 Software Supply Chain

11 minute read time

Explore the evolution of Maven Central, highlighting its crucial role in the Java ecosystem and software development overall and its connection to Sonatype

How the SEC charges against SolarWinds highlight the cybersecurity liability of software companies

By Jeff Wayman on October 31, 2023 Cybersecurity

5 minute read time

Read about how the Securities and Exchange Commission charged SolarWinds and its chief information security officer for violating federal securities laws

Software dependencies: A beginner's guide

By Aaron Linskens on October 27, 2023 Software Supply Chain

5 minute read time

Explore software dependencies, their two main categories of direct and transitive, and find out how to manage software dependencies at scale

Dependency mapping: A beginner's guide

By Aaron Linskens on October 20, 2023 vulnerabilities

8 minute read time

Explore dependency mapping, what it is, the benefits of mapping dependencies, and some tools that make the process easier.

How manufacturing best practices can improve open source consumption and software supply chains

By Jeff Wayman on October 12, 2023 thought leaders

5 minute read time

Explore Sonatype's research paper developed in partnership with the Atlantic Council on software supply chain best practices for open source consumption