dependencies
NVD overload: Unveiling a hidden crisis in vulnerability management
In a LinkedIn Live session yesterday, Ilkka Turunen, Field CTO of Sonatype, and Brian Fox, co-founder and CTO, discussed an ongoing critical yet underreported issue in the National Vulnerability Database (NVD) ...
Embracing the AI revolution: Navigating the impact on developers
In the wake of transformative advancements in generative artificial intelligence (AI) and machine learning (ML), the landscape of software development is undergoing a significant shift ...
What are the elements of an SBOM?
A software bill of materials (SBOM) is not just a list, but a detailed inventory that captures the components and dependencies contained within a piece of software ...
Why SBOMs are essential for every organization
In the complicated balancing act of rapid software development and robust cybersecurity, software bills of materials (SBOMs) serve a valuable function to help secure the intricate and vast systems that constitute software ...
Software dependencies: A beginner’s guide
An overwhelming majority of modern software development utilizes open source software components. Individual components rarely operate in isolation. When one component relies on another to work properly, that is defined as a ...
Dependency mapping: A beginner’s guide
Organizations everywhere use open source to expedite development, lower costs, and improve performance. Our annual State of the Software Supply Chain reports consistently reaffirm that open source comprises up to 90% of ...
npm Manifest Confusion – What Is It and Do You Really Need to Worry About It?
Yesterday, Darcy Clarke, a software developer and a former npm CLI team Engineering Manager, steered everyone’s attention towards a gap in the npm registry website – what he calls “manifest confusion.” ...
Top 10 Open Source Software Risks of 2023
Software supply chain issues continue to be a concerning subject of late. Open source software (OSS) has many benefits, yet relying on many open source dependencies could cause security woes if it ...