Sonatype introduces DepShield for identifying vulnerable open-source components in GitHub

Sonatype wants to make it easier for developers to have open-source governance with the release of Sonatype DepShield. The solution is a GitHub application that integrates directly within repositories, enabling developers to identify vulnerable open-source components. According to the company, DepShield constantly monitors projects and automatically creates issues when security vulnerabilities are detected. It offers … continue reading

Open source at 20: The ubiquity of shared code

“Why is open source important? That’s like asking why is gravity important,” stated Brian Behlendorf, a leading figure in the open-source software movement, and executive director for the blockchain consortium Hyperledger. While this year marks the 20th anniversary of open source, it is hard to imagine a time before open-source software. Today, it’s difficult to … continue reading

Has DevSecOps succeeded in what it was created to accomplish?

At this point, the concept of DevOps should be familiar to everyone. But with the rise of cybersecurity attacks, organizations have seen the need to incorporate security into the mix. Thus, the idea of DevSecOps. Though the concept and practices were created with the best intentions, the number of cybersecurity attacks continues to rise, which … continue reading

New Call-to-action

DevSecOps: Baking security into development

Software is the lifeblood of most businesses today. So, what happens if that software is unreliable or insecure? It seems like a no-brainer that the software being pushed out should be protected. But, as software is being developed and deployed at a rapid pace, an important aspect of the life cycle gets lost in the … continue reading

Sonatype’s State of the Software Supply Chain, Motorola and Neurala team up for AI, and The Bitfury Group’s Exonum — SD Times news digest: July 17, 2017

Sonatype released its third annual State of the Software Supply Chain report, which highlights risks within open source software components. The report also highlights the benefits of managing software supply chain hygiene. “Companies are no longer building software applications from scratch, they are manufacturing them as fast as they can using an infinite supply of … continue reading

Eclipse Oxygen, the Android Things Console, and Sonatype acquires Vor Security — SD Times news digest: June 29, 2017

The Eclipse Foundation has announced Eclipse Oxygen is now available. The Oxygen release includes 83 projects, 287 committers, and about 71 million lines of code. “We’re proud to announce the arrival of Eclipse Oxygen, the 12th annual simultaneous release from the Eclipse Community,” the foundation wrote. Most notably missing from this release is support for … continue reading

Sonatype Integrates Nexus Lifecycle with Microsoft Visual Studio

Sonatype, the leader in software supply chain automation, today announced that it has released a new version of Nexus Lifecycle that includes an extension to Microsoft Visual Studio, a popular integrated development environment (IDE). This new Nexus Lifecycle integration empowers millions of Visual Studio developers with direct access to Sonatype’s open source intelligence engine so … continue reading

Report: Organizations embracing DevSecOps automation

The DevOps community is struggling with bringing security into the organization and across the software development life cycle (SDLC). However, new research from Sonatype reveals that while companies continue to face breaches, mature development organizations finally realize how critical it is to weave automated security early in the SDLC. Sonatype, a software automation and security … continue reading

Veracode’s State of Software Security Report, Symphony Software Foundation’s Open Developer Platform, and DevExpress open-sources TestCafe—SD Times news digest: Oct. 18, 2016

Veracode today released its findings from its annual State of Software Security Report, which revealed that the persistent use of components in software development is creating unmanaged risk. The report also found that companies can benefit if they accelerate their application security programs. Veracode found that a single popular component with a critical vulnerability spread … continue reading

The State of the Software Supply Chain report, new functional language Verve, and GE brings Predix to Azure—SD Times news digest: July 11, 2016

Open-source software is being used more than ever, yet practices for sourcing the software are inefficient and vulnerabilities are pervasive, according to a report from supply-chain automation provider Sonatype. The number of open-source component download requests increased to 31 billion in 2015 from 17 billion in 2014, according to the report, which looked at supply … continue reading

Security practices take focus off programmers and onto systems

New approaches to security for enterprise applications focus on everything outside of the programmer that can be secured … continue reading

Sonatype offers insight into enterprise open-source usage

Tool suite helps organizations manage how they bring code into their development … continue reading

HTML Snippets Powered By : XYZScripts.com