software supply chain automation Archives

AI Is Making Software Autonomous, and Governance Must Follow

Mitchell Johnson | May 27, 2026 | AI, Artificial Intelligence, automated open source governance, Automation, Development, governance, software supply chain automation, Thought Leaders

In 2011, Marc Andreessen famously wrote that "software is eating the world." Today, software is no longer just a competitive advantage; it is the foundational infrastructure for nearly every industry. We don't merely ...

2024 Sonatype Blog

Automation you can trust: Cut backlogs without breaking builds

Aaron Linskens | June 4, 2025 | automated open source governance, automated security, Automation, dependencies, software supply chain automation

Engineering teams live in a paradox — under pressure to ship software faster than ever, yet every new open source component introduces hidden risk. Security backlogs pile up as developers scramble to ...

2024 Sonatype Blog

A guide for open source software (OSS) security

Aaron Linskens | May 10, 2024 | DevZone, open source, secure software supply chain, software supply chain automation, Sonatype Lifecycle, Sonatype Repository Firewall

When you search for a dependable open source software (OSS) component to integrate into your software supply chain, evaluation of the component's security emerges as a critical task. This involves not only ...

Sonatype Blog NEW 2024

GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL

Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times ...

Security Boulevard

A guide for open source software (OSS) security

Aaron Linskens | August 28, 2023 | DevZone, open source, secure software supply chain, software supply chain automation, Sonatype Lifecycle, Sonatype Repository Firewall

When you search for a dependable open source software (OSS) component to integrate into your software supply chain, evaluation of the component’s security emerges as a critical task. This involves not only ...

Sonatype Blog

DevSecOps Leadership Forum: Revolutionizing Financial Services

Sonatype | May 30, 2023 | DevSecOps, DevSecOps Leadership Forum, financial services industry, software supply chain automation

...

Sonatype Blog

Sonatype’s Nexus Firewall is an Easy Solution for a Big Problem

Audra Davis-Hurst | April 3, 2023 | FEATURED, malware prevention, Nexus Firewall, Nexus Platform, secure software supply chain, software supply chain automation

...

Sonatype Blog

Sonatype Repository Firewall is an Easy Solution for a Big Problem

Audra Davis-Hurst | April 3, 2023 | FEATURED, malware prevention, secure software supply chain, software supply chain automation, Sonatype Platform, Sonatype Repository Firewall

...

Sonatype Blog

Comparing SBOM Standards: SPDX vs. CycloneDX

Luke Mcbride | February 16, 2023 | CycloneDX, SBOM, software bill of materials, software supply chain automation, SPDX, SWID

In our 8th Annual State of the Software Supply Chain Report, we detailed upcoming government regulation coming to protect national interests globally. Because software is frequently built from third-party open source components, ...

Sonatype Blog

5 Tools to Automate SBOM Creation

Eddie Knight | February 13, 2023 | agile development, DevZone, SBOM, software supply chain automation

...

Sonatype Blog

software supply chain automation

AI Is Making Software Autonomous, and Governance Must Follow

Automation you can trust: Cut backlogs without breaking builds

A guide for open source software (OSS) security

GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL

A guide for open source software (OSS) security

DevSecOps Leadership Forum: Revolutionizing Financial Services

Sonatype’s Nexus Firewall is an Easy Solution for a Big Problem

Sonatype Repository Firewall is an Easy Solution for a Big Problem

Comparing SBOM Standards: SPDX vs. CycloneDX

5 Tools to Automate SBOM Creation

Senator Sanders Wants to Own AI Companies — and Hand America’s Adversaries the Keys

NIST’s Nine: The PQC Signature Race Moves to Round Three

The Quantum Arms Race: Why Washington Just Wrote a $2 Billion Check to Nine Companies

Beyond Moore’s Law: The Hyper-Acceleration of Autonomous AI Cyber Capabilities

The Exception Economy: When Security Teams Stop Protecting and Start Negotiating

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On