Sonatype Lifecycle

Streamline SCA with Sonatype’s build-safe automation
As open source adoption accelerates across the enterprise, so too does its complexity. Development teams are building software with hundreds of components, each carrying its own risks, release cycles, and dependencies ...

Securing multi-environment deployments: Cloud, on-premise, and air-gapped
Modern software delivery makes use of many different deployment environments, from public cloud to private cloud and traditional on-premise data centers to highly secured air-gapped systems. Organizations take advantage of multiple deployment ...

Customer spotlight: Discover how Sonatype is helping lead the way in software supply chain security
With 2025 in full swing, it's clear this year will be transformational as the open source landscape continues to evolve faster than ever. Helping developers navigate this environment is why Sonatype exists, ...

Sonatype customers leading with innovation in the new year
As we kick off 2025, software's role in our daily lives has never been more apparent, and the integrity of our open source components has never been more important. We have the ...

Secure your software supply chain with the Sonatype and GitHub integration
To prioritize software supply chain security, organizations can focus on seamless integrations that improve visibility and simplify workflows, ensuring more efficient development processes ...

Enhance security with the Sonatype Lifecycle and GitLab Ultimate integration
For an organization to place greater emphasis on software supply chain security, seamless integrations that enhance visibility and streamline workflows remain essential. Sonatype is thrilled to unveil an enhanced integration between Sonatype ...

Crypto enthusiasts flood npm with more than 281,000 bogus packages overnight
Crypto enthusiasts have lately been flooding software registries like npm and PyPI with thousands of bogus packages that add no functional value and instead put a strain on the entire open source ...

Embracing dependency management in software development
With open source forming the backbone of modern software, effective management of software dependencies is an inevitable challenge for development and security teams ...

Npm packages conceal macOS malware in ‘travis.yml’ files, drop bogus “Safari Updates”
Three npm packages identified by Sonatype this week conceal malware in "travis.yml," a CI/CD build configuration file used by Travis CI. These packages contain metadata, description, and code copied from the legitimate ...

Enhance security with Sonatype Lifecycle and ServiceNow Application Vulnerability Response (AVR) integration
We are excited to announce an innovative partnership that integrates Sonatype's open source software (OSS) security intelligence directly into ServiceNow workstreams. For this partnership, we've launched a new Sonatype and ServiceNow integration ...