LLM vector and embedding risks and how to defend against them
As large language model (LLM) applications mature, the line between model performance and model vulnerability continues to blur ...
Secure mobile applications with Dart, Flutter, and Sonatype
The Dart coding language and the Flutter framework architecture are gaining traction among developers looking to build fast, reliable, cross-platform applications ...
Open source policy management: How Sonatype supports security at scale
As organizations rely more heavily on open source components, software composition analysis (SCA) has become essential for identifying risks. But visibility alone is not enough. What turns insight into action is effective policy management: the ability to define and enforce rules that govern how software is built ...
Automation you can trust: Cut backlogs without breaking builds
Engineering teams live in a paradox — under pressure to ship software faster than ever, yet every new open source component introduces hidden risk. Security backlogs pile up as developers scramble to fix vulnerabilities, balance new feature work, and try not to disrupt critical builds ...
Streamline SCA with Sonatype’s build-safe automation
As open source adoption accelerates across the enterprise, so too does its complexity. Development teams are building software with hundreds of components, each carrying its own risks, release cycles, and dependencies ...
SBOM management and generation: How Sonatype leads in software supply chain visibility
As software supply chain threats become more complex, organizations need more than just vulnerability scanning — they need complete visibility into the components that make up their applications ...
The OWASP LLM Top 10 and Sonatype: Data and model poisoning
Artificial intelligence (AI) continues to redefine what is possible in software, from predictive models to generative content. But as AI systems grow in power, so too do the threats targeting their foundations, including a particularly insidious category: data and model poisoning ...
Developing with Docker and Sonatype: Building secure software at scale
Docker remains a cornerstone of modern development environments, helping teams containerize applications, speed up delivery pipelines, and standardize across systems. But as container usage grows, so do concerns about software supply chain security, dependency management, and image provenance ...
The OWASP LLM Top 10 and Sonatype: Supply chain security
The rise of AI has unlocked unprecedented opportunities across industries, from automating tedious tasks to accelerating software development and transforming how applications are built and maintained. However, AI has also exposed critical vulnerabilities, ethical concerns, data privacy risks, and the potential for misuse or bias in decision-making processes ...
Enhancing software supply chain security in financial services with Sonatype and AWS
Financial services organizations prioritize software security as part of their risk management strategy. Open source components accelerate software development, and organizations benefit from implementing appropriate security controls to manage potential associated risks ...