Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

Sonatype Lifecycle best practices: Reference policies, backup and restore

By Aaron Linskens on May 07, 2024 backup

5 minute read time

Explore how Sonatype Lifecycle offers powerful capabilities to enhance security with effective reference policies and robust backup and restore processes

Read More...

The impact of automating open source dependency management

By Jamie Coleman on May 03, 2024 dependencies

5 minute read time

Learn about the automation benefits of software dependency management from the experience of developers working in a heavily regulated industry

Read More...

Sonatype Lifecycle best practices: Getting started and managing SBOMs

By Aaron Linskens on April 25, 2024 software bill of materials

5 minute read time

Sonatype Lifecycle enables you to control known and unknown risks by automating and optimizing the security and management of software supply chains.

Read More...

Decrypting the Ledger connect-kit compromise: A deep dive into the crypto drainer attack

By Ilkka Turunen on December 14, 2023 vulnerabilities

3 minute read time

Sonatype covers how Ledger, a maker of hardware wallets for storing crypto, identified malicious software embedded in one of their open source packages

Read More...

DevSecOps: A beginner's guide

By Aaron Linskens on December 04, 2023 shift left

6 minute read time

Explore the fundamentals of DevSecOps, its principles, practices, and the shift it represents in security within the software development life cycle

Read More...

Software dependencies: A beginner's guide

By Aaron Linskens on October 27, 2023 Software Supply Chain

5 minute read time

Explore software dependencies, their two main categories of direct and transitive, and find out how to manage software dependencies at scale

Read More...

Open source risk management: Safeguarding software integrity

By Aaron Linskens on October 13, 2023 secure software supply chain

6 minute read time

Explore open source risk management as the identification and mitigation of security, compliance, and operational risks with using open source software

Read More...

A guide for open source software (OSS) security

By Aaron Linskens on August 28, 2023 secure software supply chain

6 minute read time

Evaluate open source software (OSS) security to ensure safe usage of software components in software development life cycles and software supply chains

Read More...

Enhancing software supply chain security: New Sonatype product capabilities

By Tara Flynn Condon on August 21, 2023 News and Views

3 minute read time

Sonatype announces the latest enhancements for Sonatype Repository Firewall, Sonatype Nexus Repository, and Sonatype Lifecycle.

Read More...

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

Sonatype Lifecycle best practices: Reference policies, backup and restore

The impact of automating open source dependency management

Sonatype Lifecycle best practices: Getting started and managing SBOMs

Decrypting the Ledger connect-kit compromise: A deep dive into the crypto drainer attack

DevSecOps: A beginner's guide

Software dependencies: A beginner's guide

Open source risk management: Safeguarding software integrity

A guide for open source software (OSS) security

Enhancing software supply chain security: New Sonatype product capabilities

Secure your software supply chain

Subscribe for all the latest software security news and events