Syndicated Blog

Sonatype Blog
Conversations about software supply automation, devsecops, open source, continuous delivery, and application security.
LLM vector and embedding risks and how to defend against them
As large language model (LLM) applications mature, the line between model performance and model vulnerability continues to blur ...
Beyond IPs: Addressing organizational overconsumption in Maven Central
When we published Maven Central and the Tragedy of the Commons, we highlighted a disturbing pattern: just 1% of IP addresses accounted for 83% of Maven Central's total bandwidth, often traced back ...
Secure mobile applications with Dart, Flutter, and Sonatype
The Dart coding language and the Flutter framework architecture are gaining traction among developers looking to build fast, reliable, cross-platform applications ...
Open source policy management: How Sonatype supports security at scale
As organizations rely more heavily on open source components, software composition analysis (SCA) has become essential for identifying risks. But visibility alone is not enough. What turns insight into action is effective ...
Automation you can trust: Cut backlogs without breaking builds
Engineering teams live in a paradox — under pressure to ship software faster than ever, yet every new open source component introduces hidden risk. Security backlogs pile up as developers scramble to ...
Streamline SCA with Sonatype's build-safe automation
As open source adoption accelerates across the enterprise, so too does its complexity. Development teams are building software with hundreds of components, each carrying its own risks, release cycles, and dependencies ...
SBOM management and generation: How Sonatype leads in software supply chain visibility
As software supply chain threats become more complex, organizations need more than just vulnerability scanning — they need complete visibility into the components that make up their applications ...
Java at 30: From portable promise to critical infrastructure
Thirty years ago, Java introduced the world to "write once, run anywhere." What began as a bold promise of portability and simplicity soon transformed into a defining force in modern software ...
The OWASP LLM Top 10 and Sonatype: Data and model poisoning
Artificial intelligence (AI) continues to redefine what is possible in software, from predictive models to generative content. But as AI systems grow in power, so too do the threats targeting their foundations, ...
Developing with Docker and Sonatype: Building secure software at scale
Docker remains a cornerstone of modern development environments, helping teams containerize applications, speed up delivery pipelines, and standardize across systems. But as container usage grows, so do concerns about software supply chain ...