Enhance security with the Sonatype Lifecycle and GitLab Ultimate integration

For an organization to place greater emphasis on software supply chain security, seamless integrations that enhance visibility and streamline workflows remain essential. Sonatype is thrilled to unveil an enhanced integration between Sonatype ...
Crypto enthusiasts flood npm with more than 281,000 bogus packages overnight

Crypto enthusiasts have lately been flooding software registries like npm and PyPI with thousands of bogus packages that add no functional value and instead put a strain on the entire open source ...
Embracing dependency management in software development

With open source forming the backbone of modern software, effective management of software dependencies is an inevitable challenge for development and security teams ...
Npm packages conceal macOS malware in 'travis.yml' files, drop bogus "Safari Updates"

Three npm packages identified by Sonatype this week conceal malware in "travis.yml," a CI/CD build configuration file used by Travis CI. These packages contain metadata, description, and code copied from the legitimate ...
Enhance security with Sonatype Lifecycle and ServiceNow Application Vulnerability Response (AVR) integration

We are excited to announce an innovative partnership that integrates Sonatype's open source software (OSS) security intelligence directly into ServiceNow workstreams. For this partnership, we've launched a new Sonatype and ServiceNow integration ...
Sonatype Lifecycle best practices: InnerSource

InnerSource Insight facilitates collaboration and enhances code quality across teams ...
Take control of your InnerSource components with InnerSource Insight

Today, Sonatype announced "InnerSource Insight," an industry-first capability within Sonatype Lifecycle that makes it easier and safer for developers to use components developed by others within their organization ...
A guide for open source software (OSS) security

When you search for a dependable open source software (OSS) component to integrate into your software supply chain, evaluation of the component's security emerges as a critical task. This involves not only ...
Sonatype Lifecycle best practices: Reference policies, backup and restore

Fortifying your software development processes against security threats and compliance issues is not just necessary — it's imperative to maintain resilience in today's unpredictable cyber environment. Managing software dependencies effectively is crucial ...