Identifying Security Vulnerabilities at Scale: Venture Inside a Jenkins Pipeline

Identifying Security Vulnerabilities Inside a Jenkins Pipeline

What’s the best approach to secure vulnerabilities inside a Jenkins pipeline? Surprisingly, scale isn’t a consideration. Good security practices work whether you are talking about a personal project or an enterprise solution. Sonatype’s Justin Young (@whyjustin) took up the topic recently at Jenkins World. First, he outlined today’s ongoing technological ...

Sonatype a Recognized Cybersecurity, DevOps Tech Titan

Sonatype continues to win accolades this year, from being named a top workplace for innovators by Fast Company and a coveted place to work, to being called an industry standout as an SD Times 100 company. Now we add four more ...

WhatsApp Security Flaw Stems from Vulnerable Open Source Library

What Developers Need to Know About WhatsApp’s Recent Security Dilemma

Last week, reports like this one from Dark Reading surfaced a remotely exploitable bug in Facebook’s popular WhatsApp chat app that spies on users and specifically targeted human rights groups. Facebook patched the flaw last week in the latest WhatsApp version 2.19.244 ...

Sonatype Hosts Global Gatherings of DevSecOps Leaders and Innovators

The month of October is dedicated to intimate gatherings of DevSecOps professionals, thought leaders, and decision makers in cities across North America and Europe. Participants tell us that these forums and roundtables foster dynamic, collaborative conversations ...

OSS for enterprises: Procure Secure Components Faster with Superior Developer Experience

It Pays to Discover Sonatype

The name of the presentation says it all: Procure Secure Components Faster with Superior Developer Experience. So announced Karthik Loganathan and Sheshagiri (Giri) Rao of Discover at the annual DevOps World | Jenkins World conference ...

A More Secure Web Needs Developers, Defenders, Advocates, and OSS

How’s that deodorant of yours working? If you wanted to hear yesterday’s presentation you had to crowd in, close -- it was standing room only. Sonatype’s Derek Weeks (@weekstweets) presented at Global AppSec DC. The conference, sponsored by the OWASP Foundation, is one of the largest gatherings in the open ...

Kubernetes in 10 Seconds

Sonatype’s DJ Schleen (@djschleen) demonstrates Kubernetes in 10 seconds: ...

Additional DevSecOps Architecture Reference Material

Take This Interactive DevSecOps Reference Architecture For a Test Drive

How do you get started with DevSecOps? There is so much to consider -- people, processes, tools, and measurement. To help plan and build a DevSecOps practice we’ve offered 40 reference architecture examples. Now, we introduce an interactive tool! Use it to help you visualize and then configure exactly what ...

From Fast Company to Inc, Sonatype Continues Racking Up Notable Awards

Being a new employee is a lot like being the new kid at school. One of the first things you suss out is the difference between expectations and reality. Sometimes the gap is pretty disappointing. Other times, there isn't a gap at all -- in fact, reality exceeds your expectations! ...