A guide for open source software (OSS) security

6 minute read time

Evaluate open source software (OSS) security to ensure safe usage of software components in software development life cycles and software supply chains.

Enhancing software supply chain security: New Sonatype product capabilities

By Tara Flynn Condon on August 21, 2023 News and Views

3 minute read time

Sonatype announces the latest enhancements for Sonatype Repository Firewall, Sonatype Nexus Repository, and Sonatype Lifecycle.

A closer look: Differentiating software vulnerabilities and malware

By Aaron Linskens on July 11, 2023 vulnerabilities

6 minute read time

Vulnerabilities and malware in open source software pose significant threats to the security and integrity of your software supply chain.

7 software license types explained: Open source and closed source

By Crystal Derakhshan on April 26, 2023 Open Source

7 minute read time

Navigate the complexities of software licenses with this comprehensive guide. Explore their differences, implications, and management strategies.

Sonatype Lifecycle enhancements boost speed, security, and productivity

6 minute read time

Sonatype Lifecycle’s new feature enhancements elevate security posture, developer productivity, and operational excellence. Read on for the full details.

Sonatype's SBOM generation capabilities outpace the competition

8 minute read time

Better data, a dedicated security team, and the analytical capabilities of BOM Doctor are all part of what makes Sonatype's SBOM capabilities superior.

New on Sonatype Learn: Easy Source Control Management (SCM) Onboarding

By Cerah Hedrick (they/them) on February 28, 2023 elearning

2 minute read time

Sonatype's latest eLearning course, Easy Source Control Management (SCM) Onboarding, teaches you how to import your SCM repositories into Nexus Lifecycle.

Sonatype Lifecycle boosts open source security and dependency management

10 minute read time

Nexus Lifecycle is designed to monitor for problems at every stage of the software development life cycle (SDLC) and automatically address them.

The No-Fix Mediums? Not Having a High Priority Doesn’t Mean Low Danger

By Luke Mcbride on October 31, 2022 vulnerabilities

5 minute read time

An ongoing weak link in the software supply chain is vulnerable software – are you being proactive or just putting out fires?