Why You Need a Software Bill of Materials More Than Ever

Imagine that a new vulnerability in lodash was just announced. Applications using the npm package are being exploited through large-scale automated DoS attacks. You need to act quickly to understand if ...

Nexus Lifecycle Now Integrates with Red Hat Clair to Secure Containers Across the SDLC

Developers are continuing to leverage containers to reliably move software applications between environments, making them an integral part of every DevOps pipeline. In fact, according to Sonatype’s 2019 State of the Software ...

What Toyota Unlocked Decades Ago Drives Software Supply Chain Management Today

What secrets did Toyota unlock decades ago that drive the success of today’s software supply chain? Sonatype’s Matt Howard explained during a chat with Dave Bittner on an episode of The CyberWire ...

Inner Circle Podcast Episode 020 – Ivan Novikov Chats about Fuzzing in Testing

An application is no longer a product. In the world of cloud, and DevOps, and containers, an application is a process. There is no distinct beginning or end to development. The application ...