White House Releases Executive Order on America’s Software Supply Chains

Following the late-2020 software supply chain attack on SolarWinds that impacted multiple government agencies and private sector companies, President Biden issued a 2021 executive order asking for a comprehensive review of all government suppl…

How to Establish an Open Source Program Office

It feels like some people don’t have a strong understanding of open source. Some misunderstandings have come from working with open source in an environment filled with proprietary software. When the words “open” and “sourc…

Developers Gain Contextual Feedback with Automated Pull Request Commenting

At Sonatype, we work continuously to increase awareness of open source risk and decrease the time it takes you to make your applications safe. It is our never-ending quest to shift security left. We’ve rolled out even more granular and auto…

Four Common Security Acronyms Explained

Editor’s Note: This is the first in a series of posts about the 2020 DevSecOps Reference Architecture developed by DJ Schleen. In this series DJ explains various parts of the pipeline architecture.
I just released an updated version of the D…

Keep GitHub Dependencies Secure with Nexus Lifecycle’s Automated Pull Requests

As organizations seek to innovate faster and build more secure applications at scale, the one trend we are seeing is the desire to automate dependency management. In fact, this trend was evident in our 2019 State of the Software Supply Chain Report…

Deloitte Names Sonatype in ‘Technology Fast 500’ for Fourth Consecutive Year

If the topic is speed, the subject is Sonatype.
This week, Sonatype received another recognition in the form of Deloitte’s Technology Fast 500™ ranking, our fourth year on the list. The list recognizes the fastest growing technology, m…

It Pays to Discover Sonatype

The name of the presentation says it all: Procure Secure Components Faster with Superior Developer Experience. So announced Karthik Loganathan and Sheshagiri (Giri) Rao of Discover at the annual DevOps World | Jenkins World conference.
T…

What Toyota Unlocked Decades Ago Drives Software Supply Chain Management Today

What secrets did Toyota unlock decades ago that drive the success of today’s software supply chain?
Sonatype’s Matt Howard explained during a chat with Dave Bittner on an episode of The CyberWire Daily podcast.
The post What Toyota Unl…

A World of Infinite Choice in Open Source Software

We recently released the fifth annual State of the Software Supply Chain Report in London. This year, we worked with Gene Kim and Dr. Stephen Magill to examine our largest data sample ever. Our goal? To qualify and quantify how exemplary developme…

Struts flaw, SAST, IAST, DAST & RASP primer, hacking planes, ATMs, and water heaters

We wind up the month of August with stories on the latest Apache Struts hack—bad news, if you remember Equifax—and what you need to do now to protect yourself. Plus news on plane, ATM, and even water heater hacks, and a primer on what to lo…