secure software supply chain
Managing Open Source Software Risks With the HeroDevs EOL Dashboard
Modern software delivery runs on open source. But as dependency graphs expand and application lifecycles stretch across years, end-of-life (EOL) components are becoming a structural security challenge ...
How to Build a Software Supply Chain Security Playbook
In the first post in this series, we looked at why software supply chain risk has become a growing security challenge. Modern applications depend on sprawling ecosystems of open source packages, automated ...
The Evolution of Open Source Malware: From Volume to Trust Abuse
Open source malware is no longer just a numbers game. What was once largely a volume problem — thousands of malicious packages flooding public registries through typosquatting, brandjacking, and low-effort deception — ...
The Mythos AI Vulnerability Storm: What to Do Next
AI is transforming both software development and software risk ...
Sonatype Innovate: Real Peer Connections, Real Product Influence, Real Recognition
Software supply chain security is maturing. The practitioners leading that charge deserve more than a customer portal ...
Mythos and the AI Vulnerability Storm: Exploring the Control Point
The Inflection Point Is Here
With Mythos, Anthropic showed that AI can find vulnerabilities in minutes that once took skilled technologists months to find. This shift is a coming storm for developers ...
Why Software Supply Chain Security Requires a New Playbook
Software is being built faster than ever, but application security has not kept up ...
How Sonatype’s Container Scanning Protects You From Zero-Days
Software development moves fast, and engineering teams face intense pressure to deliver applications securely without slowing down. Containers offer incredible speed and portability, allowing developers to build and deploy applications rapidly. But ...
Autonomous Development and AI: Speed vs. Security
AI-assisted development is changing how software gets built. What began as a productivity boost is quickly becoming something bigger ...
Securing the Software Supply Chain: A Federal Imperative for 2026
As federal systems continue to underpin mission execution, software supply chain security has moved from a technical concern to a leadership responsibility. In 2026, the ability to understand, manage, and defend software ...