infrastructure as code
Why MCP Gateways are a Bad Idea (and What to Do Instead)Â Â
MCP Gateways are the wrong abstraction for AI security. Discover why runtime hooks and MCP registries offer a superior, context-aware defense against data leaks and unauthorized tool calls in modern agentic architectures ...
Secure, Reliable Terraform At Scale With Sonatype Nexus Repository
Terraform has become the de facto standard for infrastructure as code (IaC). From cloud-native startups to global enterprises, teams rely on Terraform to define, provision, and manage infrastructure with speed and consistency ...
Can GitOps Improve Application Security?
GitOps is a set of practices for managing infrastructure and application deployment using Git version control systems. GitOps uses a Git repository as a single source of truth for declarative configuration of ...
Supply Chain Emerging as Cloud Security Threat
Misconfigurations in software development environments and poor security hygiene in the supply chain can impact cloud infrastructure and offer opportunities for malicious actors to control unwitting victims’ software development processes. These were ...
Secure What You Build and Where You Run It:Â Say Hello to the Infrastructure as Code Pack for Nexus Lifecycle
What is the IaC Pack and Why Should You Care? The Infrastructure as Code Pack is a new add-on to Nexus Lifecycle that enables developers to easily find and fix security vulnerabilities ...
Why Sonatype is Acquiring MuseDev
Ask any software developer, and they will tell you the truth about two things: Conventional code analysis and application security tools are overly noisy and generally not well integrated into the developer ...
2021 Cybersecurity Predictions: Our Experts Weigh In
To say that 2020 was an unusual year would be an understatement. Business, government, healthcare, and education drastically changed with many organizations making massive digital transformations that were completely unplanned in many ...
Open Source and Cloud Security Together at Last
Today, we’re excited to announce a partnership with Fugue to bring cloud security and compliance into development work streams, helping your teams build, deploy, and manage secure applications in today's popular cloud-native ...
Integrating Infrastructure as Code into a Continuous Delivery Pipeline
We’re here to talk about integrating infrastructure as code into a continuous delivery pipeline. We’ll start by defining infrastructure as code then explain some of the problems it solves. Defining Infrastructure as ...
Jobs As Code: Selecting the Best Tools and Deconstructing the CI/CD Pipeline
Who wants to mow the lawn with a pair of scissors? No one. Nothing compares to the ease of using the right tool for the job ...
