Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

SHARE:

Sonatype_Blog_Logo_White
READ MORE

Unlocking the power of generative AI in software development: Insights from Sonatype's survey

By Aaron Linskens on September 12, 2023 Software Supply Chain

4 minute read time

Explore the influence of generative AI in software development via the results of Sonatype's recent survey involving 400 DevOps and 400 SecOps leaders
Read More...
READ MORE

Getting started with the Secure Software Development Framework (SSDF)

6 minute read time

Discover how to get started with the Secure Software Development Framework (SSDF), what it contains, and why should you leverage it
Read More...
READ MORE

A closer look: Differentiating software vulnerabilities and malware

By Aaron Linskens on July 11, 2023 vulnerabilities

7 minute read time

Vulnerabilities and malware in open source software pose significant threats to the security and integrity of your software supply chain
Read More...
READ MORE

How to measure the maturity of your software supply chain

6 minute read time

Learn how to measure the maturity of your software supply chain and leverage a maturity framework for more secure and reliable software
Read More...
READ MORE

How to improve your software supply chain with a software security framework

8 minute read time

Enhance software supply chain security with a framework. Protect against attacks, meet regulations, and release secure software. Learn more now.
Read More...
READ MORE

Another SolarWinds? The latest software supply chain attack on 3CX

By Luke Mcbride on April 06, 2023 Software Supply Chain

6 minute read time

Get insights on the recent 3CX software supply chain attack and the growing importance of effective dependency management to protect against cyberattacks.
Read More...
READ MORE

White House National Cybersecurity Strategy: Landmark action for a critical threat

By Brian Fox on March 02, 2023 Cybersecurity

5 minute read time

The Biden administration announced a new, historic National Cybersecurity Strategy calling for cybersecurity liability and increased investment.
Read More...
Hand holding a gear
READ MORE

2023 predictions: What will happen in software supply chain governance?

By Luke Mcbride on January 09, 2023 Software Supply Chain

8 minute read time

A look at what we're expecting in the coming year, including open source security, software supply chain attacks, regulation, DevOps, and more.
Read More...
READ MORE

Wicked Good Development: Key takeaways from the State of the Software Supply Chain

By Kadi Grigg on November 17, 2022 Software Supply Chain

3 minute read time

Jump into to these four bonus episodes to find highlights and critical takeaway's from Sonatype's 8th Annual State of the Software Supply Chain Report.
Read More...