Hot Topics

DevZone

“Quoi...? feur” from meme to malware – PyPI package targets Windows with ‘NullRAT’ info-stealer

“Quoi…? feur” from meme to malware – PyPI package targets Windows with ‘NullRAT’ info-stealer

| | DevZone, Malware Analysis, PyPI, Sonatype Repository Firewall
We’ve got a rather interesting malicious finding this month to talk about, the one that mixes a meme with malware ...
Sonatype Blog
A Closer Look: Differentiating Software Vulnerabilities and Malware

A Closer Look: Differentiating Software Vulnerabilities and Malware

| | DevZone, malware prevention, open source, software supply chain, Sonatype Lifecycle, Sonatype Repository Firewall, Vulnerabilities
In today’s interconnected digital world, vulnerabilities and malware in open source software pose significant threats to the security and integrity of your software supply chain. While these two terms may appear synonymous ...
Sonatype Blog
npm Manifest Confusion – What Is It and Do You Really Need to Worry About It?

npm Manifest Confusion – What Is It and Do You Really Need to Worry About It?

| | dependencies, DevZone, FEATURED, npm, open source
Yesterday, Darcy Clarke, a software developer and a former npm CLI team Engineering Manager, steered everyone’s attention towards a gap in the npm registry website – what he calls “manifest confusion.” ...
Sonatype Blog
How to Measure the Maturity of Your Software Supply Chain

How to Measure the Maturity of Your Software Supply Chain

| | Application Security, devops frameworks, DevZone, News and Views, software supply chain
In today's fast-paced software development landscape, organizations face rising challenges to ensure the security, quality, and reliability of the software they deliver. Your software supply chain plays a pivotal role in meeting these ...
Sonatype Blog
Wicked Good Development Episode 32: Java Queens at Devnexus 2023

Wicked Good Development Episode 32: Java Queens at Devnexus 2023

| | community, DevZone, Podcast, Wicked Good Development
  ...
Sonatype Blog
The Impact of Security Testing on an Organization

The Impact of Security Testing on an Organization

| | DAST, DevZone, IAST, SAST, SCA, security testing
  ...
Sonatype Blog
How to Convert Your SBOM Between SPDX and CycloneDX Formats

How to Convert Your SBOM Between SPDX and CycloneDX Formats

| | DevSecOps, DevZone, open source, SBOM, secure software supply chain
  ...
Sonatype Blog
Wicked Good Development Episode 31: Testcontainers With Oleg Šelajev

Wicked Good Development Episode 31: Testcontainers With Oleg Šelajev

| | community, DevZone, Podcast, Testcontainers, Wicked Good Development
  ...
Sonatype Blog
Malware Monthly - March 2023

Malware Monthly – March 2023

| | DevZone, FEATURED, Malware Monthly, malware prevention, npm, PyPI, Vulnerabilities
  ...
Sonatype Blog
Post-Conference Tech Spec: Why Building Your Ship (Application) with Raw Materials is a Bad Idea

Post-Conference Tech Spec: Why Building Your Ship (Application) with Raw Materials is a Bad Idea

| | DevSecOps, DevZone, open source, secure software supply chain
  ...
Sonatype Blog
Load more