5 Steps to Turn Your RMF Backlog Into a Continuous ATO: The CSRMC Migration Playbook

Let's be honest about the legacy Risk Management Framework (RMF): for the last decade, achieving an ATO has been less about actual cybersecurity and more about creative writing. We built three-year "snapshot" ...
Managing Open Source Software Risks With the HeroDevs EOL Dashboard

Modern software delivery runs on open source. But as dependency graphs expand and application lifecycles stretch across years, end-of-life (EOL) components are becoming a structural security challenge ...
When AI Writes Code, Who Governs the Dependencies?

The Department of War's Call for Solutions on AI-enabled coding capabilities (CDAO_26-01) arrives at exactly the right moment. Today's AI coding assistants have moved beyond experiments in productivity to becoming the basis for ...
Golden Pull Requests: Automating Trusted Remediation Without Breaking Builds

Modern software development runs on open source. Nearly every application is built from a combination of third-party components, transitive dependencies, and rapidly evolving package ecosystems ...

pac4j CVE-2026-29000: Sonatype Finds 18 Additional Packages

A newly disclosed critical vulnerability in the widely used pac4j authentication framework is drawing attention across the open source community. Tracked as CVE-2026-29000, the flaw affects the pac4j-jwt library, which is commonly ...
Securing and scaling InnerSource with automation

As organizations strive for greater collaboration and innovation in their software development processes, practices like "InnerSource" are taking center stage ...
Streamline SCA with Sonatype's build-safe automation

As open source adoption accelerates across the enterprise, so too does its complexity. Development teams are building software with hundreds of components, each carrying its own risks, release cycles, and dependencies ...

Securing multi-environment deployments: Cloud, on-premise, and air-gapped

Modern software delivery makes use of many different deployment environments, from public cloud to private cloud and traditional on-premise data centers to highly secured air-gapped systems. Organizations take advantage of multiple deployment ...
Customer spotlight: Discover how Sonatype is helping lead the way in software supply chain security

With 2025 in full swing, it's clear this year will be transformational as the open source landscape continues to evolve faster than ever. Helping developers navigate this environment is why Sonatype exists, ...
Sonatype customers leading with innovation in the new year

As we kick off 2025, software's role in our daily lives has never been more apparent, and the integrity of our open source components has never been more important. We have the ...