Turkish Banking Agency Mandates Better Software Supply Chain Hygiene

Today, application attacks and breaches are often the result of easily exploited – and easily rectified – open source vulnerabilities. While we hope companies would self-regulate their cybersecurity hygiene in our software driven world, daily brea…

What I Learned from DevSecOps Leaders in a High Tech World

Last week, we hosted our second virtual DevSecOps Leadership Series, focusing on DevSecOps in a High Tech World. With over 300 attendees, the afternoon featured an opening keynote from FISERV followed by two panel discussions with leaders from Sir…

Making Developers’ Lives Easier as We Enter The New Frontier of Dependency Management

In recent years, we at Sonatype have dedicated an extensive amount of time to studying enterprise development teams, open source projects, and how everything in the OSS ecosystem works together. In fact, in a two-year-long study with Gene Kim and …

Sonatype finds malicious npm packages which broadcast your IP, username, and device fingerprint info on the web

Sonatype researchers discovered and confirmed the presence of two new malicious npm packages. Sonatype’s discovery was initially made by its malicious code detection bots. By applying machine learning and artificial intelligence to identify suspi…

Katie Arrington discusses making development move at the speed of relevance

Historically, the advent of Agile development increased the ability of software developers to create apps that met real-time objectives. Then, the rise of DevOps pushed for coordinated efforts between developers and operations by moving operations…

Sonatype CEO on The Future of the Software Supply Chain

As CEO of Sonatype for the past ten years, Wayne Jackson has a rich perspective on where software development, and its intersection with security, is heading. As he noted during an interview with Sonatype’s CMO Matt Howard during the company’s 2…

Custom Node Module Management using Private npm Registry Configured in Nexus Repository

When we are developing software applications, we design reusable components to apply the power and benefit of reuse. Reuse is still an emerging discipline. It appears in many different forms from ad-hoc reuse to systematic reuse, and fro…

Observability Made Easy with Synthetic Monitoring

When Christina Yakomin (@SREChristina) started her journey toward synthetic monitoring, she owned a platform for containerized applications and all of the underlying infrastructure. But she didn’t own the applications themselves that were deployed…

Octopus Malware Compromises 26 OSS Projects on GitHub

Making a salad for lunch or dinner? What ingredients do you use? Lettuce, carrots, onions, tomatoes, dressing? If you just go by the list of ingredients, you know what you’ve used, but not the quality of the ingredients themselves. In the realm of…