Tag: sonatype
Securing Open Source Components in a World of Mixed Committer Motivations
Our world runs on software that contains open source components. This places an increased burden on developers, as the primary consumers and deployers of those components, to use code that is fully ...
Sonatype Report Surfaces Scope of Known Vulnerability Challenge
Sonatype this week published a State of the Software Supply Chain Report that found a 633% year-over-year increase in malicious attacks aimed at open source software residing in public repositories. In addition, ...
Sonatype Report Shows Spike in Supply Chain Attacks
Sonatype today released a report that finds there has been a 650% year-over-year increase in supply chain attacks aimed at upstream public repositories. Cybercriminals hope to compromise these repositories by injecting malware ...
Sonatype Acquires MuseDev to Add Code Analysis
Sonatype today revealed it has acquired MuseDev, a provider of a code analysis tool, in addition to updating its Nexus platform for discovering vulnerabilities in software supply chains. Muse analyzes code each ...
DevSecOps Trends to Know For 2021
For DevSecOps leaders, 2021 will be the year of the open source supply chain attack. It’s already starting, in fact. On January 7, security researchers at Sonatype identified three malicious Java components ...
Sonatype Expands its Fully Automated Open Source Security and Governance Solution to Support C/C++, PHP, and Ruby
Nexus Lifecycle now allows users to scan applications for open source software vulnerabilities, automatically enforce open source governance policies, and easily remediate open source risk for 27 different languages and package formats ...
Vista Equity Partners Acquires Majority Interest in DevOps Leader Sonatype
Partnership to Accelerate Global Growth and Innovation for Automating Open Source Governance and Software Supply Chain Hygiene FULTON, MD., Nov. 18, 2019 (GLOBE NEWSWIRE) -- Sonatype, the company that scales DevOps through open ...
Sonatype Delivers Premium Open Source Controls to GitHub Users
New Integrations Deliver Enterprise-Grade Open Source Governance and Dependency Management to Millions of GitHub Developers SAN FRANCISCO – GitHub Universe, Nov. 12, 2019 (GLOBE NEWSWIRE) -- Sonatype, the company that scales DevOps ...
State of the Software Supply Chain: Secure Coding Takes Spotlight
After almost a year of research that involved studying 36,000 open source software projects, 12,000 enterprise development teams and 3.7 million open source releases, we at Sonatype are excited to share the ...
DevOps Chat: Repos and Nexus Firewall Access, with Sonatype
There are really only two repositories of any scale for software components today: the Nexus repo managed by Sonatype and the Artifactory artifact repo managed by JFrog. Up until now they were ...
200 Billion Downloads Can’t Be Wrong
Laurie Voss, COO and co-founder at npm (@seldo), tweeted recently that the number of JavaScript packages downloaded from their repository has topped 4 billion. On an annual basis, that would be more than 200 billion ...
DevSecOps: Digging into Root Cause Analysis
We have all been there in a postmortem when someone says, “Let’s get to the root of the problem.” And, we all know what that means: Who or what is to blame? ...