News and Views
Open Source and Cloud Security Together at Last
Today, we’re excited to announce a partnership with Fugue to bring cloud security and compliance into development work streams, helping your teams build, deploy, and manage secure applications in today's popular cloud-native ...
Gitpaste-12: A dozen exploits that silently lived on GitHub, attacked Linux servers
Just months after Octopus Scanner was caught infecting 26 open-source projects on GitHub, new reports have already surfaced of another, new sophisticated malware infection. Gitpaste-12, a worming botnet, is extremely versatile in ...
Turkish Banking Agency Mandates Better Software Supply Chain Hygiene
Today, application attacks and breaches are often the result of easily exploited – and easily rectified – open source vulnerabilities. While we hope companies would self-regulate their cybersecurity hygiene in our software ...
What I Learned from DevSecOps Leaders in a High Tech World
Last week, we hosted our second virtual DevSecOps Leadership Series, focusing on DevSecOps in a High Tech World. With over 300 attendees, the afternoon featured an opening keynote from FISERV followed by ...
Making Developers' Lives Easier as We Enter the New Frontier of Dependency Management
In recent years, we at Sonatype have dedicated an extensive amount of time to studying enterprise development teams, open source projects, and how everything in the OSS ecosystem works together. In fact, ...
Sonatype finds malicious npm packages which broadcast your IP, username, and device fingerprint info on the web
Sonatype researchers discovered and confirmed the presence of two new vulnerable npm packages. Sonatype’s discovery was initially made by its malicious code detection bots. By applying machine learning and artificial intelligence to ...
Katie Arrington discusses making development move at the speed of relevance
Historically, the advent of Agile development increased the ability of software developers to create apps that met real-time objectives. Then, the rise of DevOps pushed for coordinated efforts between developers and operations ...
Sonatype CEO on The Future of the Software Supply Chain
As CEO of Sonatype for the past ten years, Wayne Jackson has a rich perspective on where software development, and its intersection with security, is heading. As he noted during an ...
Introducing our 2020 State of the Software Supply Chain Report
An analysis of high performance open source development practices ...
Trust and Courage are Essential to a Strong Team Culture
Editor's Note: This post was originally shared internally. With the author's permission it is shared here so that prospective coworkers understand what makes Sonatype special. I have been squawking about preserving the ...