Perception Versus Reality: a Data-Driven Look at Open Source Risk Management

On October 18th, 2022, Sonatype published the 8th Annual State of the Software Supply Chain. The report is our ongoing contribution to a growing body of knowledge and software development using third-party ...

Open Source Basic Practices for Higher Quality Code to Fundamentally Strengthen Your Project

Sonatype has partnered with the Cloud Native Computing Foundation (CNCF) for Security Slam, an event to help improve the security of open source projects. To extend the value of this event, we ...

Kubernetes Containers a Boon for Developers

What is Kubernetes and why do we care about it? It starts with containers, says Hossam Barakat (@hossambarakat_). We used to run multiple applications directly on the host server. Then we started ...

How to Upskill Your Team with Kubernetes

I’m the Engineering Manager for the Cloud Innovation team at Temenos where I manage seven senior DevOps engineers. As our company is getting into more cloud providers, we decided to get into ...

OWASP Top 10 Overview

OWASP is a very cool community dedicated to helping organizations build software that can be trusted. It came online in 2001 and was established as a non-profit in April of 2004. Its ...

Continuously Improve CI/CD with Nexus Lifecycle and Bitbucket Code Insights

Over the last few weeks we’ve been highlighting our integrations with Atlassian that bring open source governance insights right into your favorite Atlassian tools. We have integrations for planning and building applications ...

Custom Node Module Management using Private npm Registry Configured in Nexus Repository

When we are developing software applications, we design reusable components to apply the power and benefit of reuse. Reuse is still an emerging discipline. It appears in many different forms from ad-hoc ...

Observability Made Easy with Synthetic Monitoring

When Christina Yakomin (@SREChristina) started her journey toward synthetic monitoring, she owned a platform for containerized applications and all of the underlying infrastructure. But she didn't own the applications themselves that were ...

Can Kubernetes Keep a Secret?

Every application uses secrets to function. These secrets include usernames and passwords, API keys, and other similar private keys. Applications running inside Kubernetes are no exception. Unfortunately, Kubernetes has a reputation for ...

DevOps Assurance with OWASP SAMM

Today we’re going to discuss OWASP. More specifically, we’ll focus on SAMM and how it pairs with DevOps ...