Open Source and Cloud Security Together at Last

Today, we’re excited to announce a partnership with Fugue to bring cloud security and compliance into development work streams, helping your teams build, deploy, and manage secure applications in today's popular cloud-native ...

Gitpaste-12: A dozen exploits that silently lived on GitHub, attacked Linux servers

Just months after Octopus Scanner was caught infecting 26 open-source projects on GitHub, new reports have already surfaced of another new, sophisticated malware infection. Gitpaste-12, a worming botnet, is extremely versatile in ...

Turkish Banking Agency Mandates Better Software Supply Chain Hygiene

Today, application attacks and breaches are often the result of easily exploited – and easily rectified – open source vulnerabilities. While we hope companies would self-regulate their cybersecurity hygiene in our software ...

What I Learned from DevSecOps Leaders in a High Tech World

Last week, we hosted our second virtual DevSecOps Leadership Series, focusing on DevSecOps in a High Tech World. With over 300 attendees, the afternoon featured an opening keynote from FISERV followed by ...

Making Developers’ Lives Easier as We Enter The New Frontier of Dependency Management

In recent years, we at Sonatype have dedicated an extensive amount of time to studying enterprise development teams, open source projects, and how everything in the OSS ecosystem works together. In fact, ...

Sonatype finds malicious npm packages which broadcast your IP, username, and device fingerprint info on the web

Sonatype researchers discovered and confirmed the presence of two new vulnerable npm packages. Sonatype’s discovery was initially made by its malicious code detection bots. By applying machine learning and artificial intelligence to ...

Katie Arrington discusses making development move at the speed of relevance

Historically, the advent of Agile development increased the ability of software developers to create apps that met real-time objectives. Then, the rise of DevOps pushed for coordinated efforts between developers and operations ...

Sonatype CEO on The Future of the Software Supply Chain

As CEO of Sonatype for the past ten years, Wayne Jackson has a rich perspective on where software development, and its intersection with security, is heading. As he noted during an ...

Trust and Courage are Essential to a Strong Team Culture

Editor's Note: This post was originally shared internally. With the author's permission it is shared here so that prospective coworkers understand what makes Sonatype special. I have been squawking about preserving the ...