Why Software Composition Analysis (SCA) Demands Precision

As leaders in software composition analysis (SCA), we know its role throughout today’s software supply chain. SCA was born out of necessity. How else could innovators discover, identify, and track open source software (OSS) components within their applications? SCA may be best known for tracking capabilities, such as adherence to ...

PyPI ‘Cheese Shop’ Malware Illustrates Software Supply Chain Risk Vector

Recent malware installed in PyPI underscores the need for code verification at the code repository level to defend the software supply chain ...

Extreme Endurance Required

Mark Dodgson, Sonatype software engineer (@mdodgson76), will test his limits starting this Sunday, July 21, in the Deca Ironman event in York, England ...

DevOps at the US Patent and Trademark Office

Discussions of DevOps in government are always popular because it is a tough subject. Few have successfully cracked the code, and, even if they have, it is a slow, uphill climb with unique challenges ...

A World of Infinite Choice in Open Source Software

We recently released the fifth annual State of the Software Supply Chain Report in London. This year, we worked with Gene Kim and Dr. Stephen Magill to examine our largest data sample ever. Our goal? To qualify and quantify how exemplary development teams operate ...

Repository Management: An Easy Way to Minimize Risk

You're probably familiar with JVM, or the Java Virtual Machine. It's a standard diagnostic interface used to test Java software; so standard, in fact, that Mykel Alvis (@mykelalvis) of Array Consulting urges developers to think beyond its testing capabilities. They need to think about repository managers ...

New Cloud-Native CI/CD Projects OpenShift and Tekton

Siamak Sadeghianfar (@siamaks), Product Manager at RedHat, shared details about two brand-new open source projects, OpenShift and Tekton, at the 2019 Nexus User Conference. These projects, inspired by Jenkins, aim to standardize Kubernetes CI/CD pipelines in a way that wasn’t possible before ...

DevSecOps Without Compromise

Oliver Milke (@OliverMilke) of Cloudogu (@Cloudogu) thinks it is time to think differently about the way to provision and operate a DevSecOps toolchain. He outlined his ideas and showed how they could be done, step-by-step, at the Nexus User Conference ...

Achieving a Managed State Model For Your Software Supply Chain

Santi Mulukutla, Customer Success Engineer at Sonatype, invites you to embrace ambiguity. Building a successful software supply chain means developing a framework. Most importantly, that framework should be flexible and scalable. It should continue to prompt questions to keep your team moving forward. In other words: a framework for change ...

DevSecOps: Security at the Speed of DevOps

How do you foster the cultural change necessary to implement DevSecOps? ...