Everything Open Source
How to Establish an Open Source Program Office
It feels like some people don’t have a strong understanding of open source. Some misunderstandings have come from working with open source in an environment filled with proprietary software. When the words ...
OSS Index Contributor Asks: Where ‘R’ You?
Editor's Note: Many people contribute their time and talents to open source projects. It's always interesting to discover the diversity of expertise and perspective. Many developers are introduced to Sonatype by way ...
NIST: Adopt a Secure Software Development Framework (SSDF) to Mitigate Risk of Software Vulnerabilities
This Spring, the National Institute of Standards and Technology (NIST) released updated recommendations (.pdf) to improve software resilience against vulnerabilities. This builds on an earlier, four-part framework released last year. As the ...
Community Updates: Nancy Has a New Ship, and Found oysteRs
The community team at Sonatype has been working hard on upgrading docker-nancy from a Post Panamax cargo ship to a new and improved Triple E vessel. (See the diagram below). As a ...
Four Common Security Acronyms Explained
Editor’s Note: This is the first in a series of posts about the 2020 DevSecOps Reference Architecture developed by DJ Schleen. In this series DJ explains various parts of the pipeline architecture ...
How to Easily Identify Conda Vulnerabilities Using Sonatype Jake
Vulnerabilities in our Python environments are really irritating. They slow us down, are difficult to identify, and can delay the development process. What makes them more frustrating is that most of these ...
Gartner: The Crucial Role of OSS License Compliance
Gartner’s report, Technology Insight for Software Composition Analysis, makes four recommendations to improve software security. The first is to ensure a software bill of materials (or SBOM) exists for every software application; ...
“This is the New Op Model” – Why State Farm Sponsored ADDO, and the Results
Sonatype is among the many supporters of All Day DevOps (ADDO), the world’s largest conference for DevOps practitioners. Close to 40,000 people attended this year’s 24-hour event -- and 10% of them ...
October is Cyber Security Awareness Month. Developers Are Some of Our Best Guardians.
October is National Cybersecurity Awareness Month (NCSAM). NCSAM is a joint effort between government and industry to raise awareness about cyber threats. This year, NCSAM highlights three areas where cyber security protections ...
Anatomy of the RubyGems ‘rest-client’ hack, and getting creative about open source security
Over the last several years, we’ve been raising awareness of breaches to popular open source software components and the worrying trend that they are more frequently being attacked at the source - ...