Hot Topics

Aaron Linskens
Sonatype Blog

Going Online With the OWASP Vulnerability Management Guide Working Group

Going Online With the OWASP Vulnerability Management Guide Working Group

| | DevZone, open source risk management, secure software supply chain, Vulnerabilities
  ... Read More
Sonatype Blog
Best Practices in Dependency Management: Cooking a Meal of Gourmet Code

Best Practices in Dependency Management: Cooking a Meal of Gourmet Code

| | AppSec, DevSecOps, DevZone, Log4j, Maven, open source, secure software supply chain
  ... Read More
Sonatype Blog

Open Source Basic Practices for Higher Quality Code to Fundamentally Strengthen Your Project

| | DevZone, Events and Webinars, open source, Post developers/devops, SBOM, Sonatype Lift
Sonatype has partnered with the Cloud Native Computing Foundation (CNCF) for Security Slam, an event to help improve the security of open source projects. To extend the value of this event, we created a series of blog posts on best practices for open source maintainers ... Read More
Sonatype Blog

This Week in Malware – Over 70 Packages Discovered

| | DevZone, malware prevention, npm, PyPI, This Week in Malware, Vulnerabilities
This week in malware, we discovered and analyzed six dozen packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries ... Read More
Sonatype Blog

An Open Source Maintainer’s Best Practice: How to Use SBOMs to Root Out Project Vulnerabilities

| | DevZone, Events and Webinars, open source, open source best practices
Sonatype has partnered with the Cloud Native Computing Foundation (CNCF) for Security Slam, an event to help improve the security of open source projects. To extend the value of this event, we created a series of blog posts on best practices for open source maintainers. Here in the second post ... Read More
Sonatype Blog

This Week in Malware – Nearly 40 Packages Discovered

| | DevZone, malware prevention, npm, PyPI, This Week in Malware, Vulnerabilities
This week in malware, we discovered and analyzed nearly 40 packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries ... Read More
Sonatype Blog

Open Source Best Practices: Key Documents to Help Welcome New Contributors to Your Project

| | DevZone, Events and Webinars, open source, open source best practices
As part of Sonatype’s partnership with the Cloud Native Computing Foundation (CNCF) for our Security Slam event aimed at helping improve security of open source projects, we created a series of blog posts on best practices for open source maintainers ... Read More
Sonatype Blog

This Week in Malware – Over 50 Packages Discovered

| | DevZone, malware prevention, npm, PyPI, This Week in Malware, Vulnerabilities
This week in malware, we discovered and analyzed nearly five dozen packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries ... Read More
Sonatype Blog

This Week in Malware – Over 100 Packages Discovered

| | DevZone, malware prevention, npm, PyPI, This Week in Malware, Vulnerabilities
This week in malware, we discovered and analyzed more than 100 packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries ... Read More
Sonatype Blog

This Week in Malware – 135 Packages Target npm and PyPI Registries

| | DevZone, malware prevention, npm, PyPI, This Week in Malware, Vulnerabilities
This week in malware, we discovered and analyzed 135 packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries ... Read More
Sonatype Blog