Wrapping up a decade of insights from the State of the Software Supply Chain

Wrapping up a decade of insights from the State of the Software Supply Chain

Sonatype's 10th annual State of the Software Supply Chain report marks a transformative decade for open source software ...
From risks to resilience: Best practices for software supply chain security

From risks to resilience: Best practices for software supply chain security

As software supply chains evolve in complexity, managing security risks has become an ever-changing challenge. New threats emerge daily, driven by rapid innovation and the heavy reliance on open source components ...
Navigating Australian ISM Guidelines for Software Development

Navigating Australian ISM Guidelines for Software Development

In 2017, the Australian Cyber Security Centre (ACSC), a division of the Australian Signals Directorate (ASD), released the Information Security Manual (ISM). This comprehensive guide offers practical advice on safeguarding systems and ...
Securing development infrastructure: A new frontier in software supply chain security

Securing development infrastructure: A new frontier in software supply chain security

Software supply chains are indispensable to modern software development as they drive innovation and efficiency across industries. Yet, as vital as they are, these supply chains are also avenues for threats and ...
A guide for open source software (OSS) security

A guide for open source software (OSS) security

When you search for a dependable open source software (OSS) component to integrate into your software supply chain, evaluation of the component's security emerges as a critical task. This involves not only ...
Secure Software Development Attestation Form: Sonatype helps you comply

Secure Software Development Attestation Form: Sonatype helps you comply

On March 11, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) unveiled the final version of the Secure Software Development Attestation Form. This pivotal ...
Securing software development with Sonatype Air-Gapped Environment (SAGE)

Securing software development with Sonatype Air-Gapped Environment (SAGE)

Developers everywhere build modern applications from reusable pieces of code downloaded from repositories such as Maven Central ...