Top open source licenses and legal risk for developers

Learn about the top open source licenses used by developers, including the 20 most popular open source licenses, and their legal risk categories.
Top 3 reasons to choose Black Duck

What sets Black Duck apart from other SCA solutions? Industry-leading innovation, extensive vulnerability detection, and a broad range of integrations.
How to choose application security vendors and tools

Unless you build your own AppSec tools, you need to know how to choose an application security vendor and whether to opt for individual tools or a suite.
The Open Source Cookbook: Understanding Your Software Ingredients

As I introduced in my last article, where we explored the variance among open source components, distros, and forks, open source software and modern application development can be equated to baking. This ...

Win a $100 Gift Card: Take a Brief Survey on Software Composition Analysis

Sonatype is building a software composition analysis tool for GitHub Actions and would love to understand your needs. If you are excited about GitHub Actions and looking for ways to understand the ...
Introducing Black Duck for Google Cloud Build

To support the launch of Binary Authorization, we’re releasing Black Duck for Google Cloud Build to help ensure your images are free of policy violations.
Introducing the Black Duck Jira Cloud integration

The Black Duck Jira Cloud integration is based on a flexible, customizable model, backed by the same exemplary Black Duck software composition product.

Why Software Composition Analysis (SCA) Demands Precision

As leaders in software composition analysis (SCA), we know its role throughout today’s software supply chain. SCA was born out of necessity. How else could innovators discover, identify, and track open source ...
What happens when your CISO has one of those days?

A CISO having a bad day finds out the hard way that cutting corners on software security testing might end up costing him more than he saved.
You’re using open source software, and you need to keep track of it

How should you track open source? It’s almost definitely in your codebase, so the question is not whether to track it but what could happen if you don’t.