Open Source Basic Practices for Higher Quality Code to Fundamentally Strengthen Your Project
Sonatype has partnered with the Cloud Native Computing Foundation (CNCF) for Security Slam, an event to help improve the security of open source projects. To extend the value of this event, we created a series of blog posts on best practices for open source maintainers ...
This Week in Malware – Over 70 Packages Discovered
This week in malware, we discovered and analyzed six dozen packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries ...
An Open Source Maintainer’s Best Practice: How to Use SBOMs to Root Out Project Vulnerabilities
Sonatype has partnered with the Cloud Native Computing Foundation (CNCF) for Security Slam, an event to help improve the security of open source projects. To extend the value of this event, we created a series of blog posts on best practices for open source maintainers. Here in the second post ...
This Week in Malware – Nearly 40 Packages Discovered
This week in malware, we discovered and analyzed nearly 40 packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries ...
Open Source Best Practices: Key Documents to Help Welcome New Contributors to Your Project
As part of Sonatype’s partnership with the Cloud Native Computing Foundation (CNCF) for our Security Slam event aimed at helping improve security of open source projects, we created a series of blog posts on best practices for open source maintainers ...
This Week in Malware – Over 50 Packages Discovered
This week in malware, we discovered and analyzed nearly five dozen packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries ...
This Week in Malware – Over 100 Packages Discovered
This week in malware, we discovered and analyzed more than 100 packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries ...
This Week in Malware – 135 Packages Target npm and PyPI Registries
This week in malware, we discovered and analyzed 135 packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries ...