Hot Topics

dependencies

NVD overload: Unveiling a hidden crisis in vulnerability management

NVD overload: Unveiling a hidden crisis in vulnerability management

| | component governance, dependencies, Events and Webinars, government, Vulnerabilities
In a Linkedin Live session yesterday, Ilkka Turunen, Field CTO of Sonatype, and Brian Fox, co-founder and CTO, discussed an ongoing critical yet underreported issue in the National Vulnerability Database (NVD) ...
Sonatype Blog
Embracing the AI revolution: Navigating the impact on developers

Embracing the AI revolution: Navigating the impact on developers

| | Artificial Intelligence, dependencies, News and Views, Report/Survey/Whitepaper releases, software supply chain
In the wake of transformative advancements in generative artificial intelligence (AI) and machine learning (ML), the landscape of software development is undergoing a significant shift ...
Sonatype Blog
What are the elements of an SBOM?

What are the elements of an SBOM?

| | dependencies, SBOM, software bill of materials, software supply chain
A software bill of materials (SBOM) is not just a list, but a detailed inventory that captures the components and dependencies contained within a piece of software ...
Sonatype Blog
Why SBOMs are essential for every organization

Why SBOMs are essential for every organization

| | Cybersecurity, dependencies, SBOM, software supply chain
In the complicated balancing act of rapid software development and robust cybersecurity, software bills of materials (SBOMs) serve a valuable function to help secure the intricate and vast systems that constitute software ...
Sonatype Blog
Software dependencies: A beginner’s guide

Software dependencies: A beginner’s guide

| | dependencies, open source development, software supply chain, Sonatype Lifecycle
An overwhelming majority of modern software development utilizes open source software components. Individual components rarely operate in isolation. When one component relies on another to work properly, that is defined as a ...
Sonatype Blog
Dependency mapping: A beginner's guide

Dependency mapping: A beginner’s guide

| | Application Security, dependencies, open source, software supply chain, Vulnerabilities
Organizations everywhere use open source to expedite development, lower costs, and improve performance. Our annual State of the Software Supply Chain reports consistently reaffirm that open source comprises up to 90% of ...
Sonatype Blog
npm Manifest Confusion – What Is It and Do You Really Need to Worry About It?

npm Manifest Confusion – What Is It and Do You Really Need to Worry About It?

| | dependencies, DevZone, FEATURED, npm, open source
Yesterday, Darcy Clarke, a software developer and a former npm CLI team Engineering Manager, steered everyone’s attention towards a gap in the npm registry website – what he calls “manifest confusion.” ...
Sonatype Blog

Power Up Your Dependencies: The Parallels of SBOMs and Mario Kart

| | dependencies, FEATURED, open source, SBOM, secure software supply chain
  ...
Sonatype Blog
vulnerability curl patch

Top 10 Open Source Software Risks of 2023

| | dependencies, Endor Labs, open source, OSS, Software Security, Vulnerabilities
Software supply chain issues continue to be a concerning subject of late. Open source software (OSS) has many benefits, yet relying on many open source dependencies could cause security woes if it ...
Security Boulevard

Rule Over Your Dependencies and Scan at Your Own Open Source Risk

| | code scanning, dependencies, DevZone, open source, software supply chain, Vulnerabilities
  ...
Sonatype Blog
Load more