Topic: sonatype

Lack of automation leaves companies vulnerable to attacks like Log4Shell and Spring4Shell

Sonatype found that nearly 70% of dependency management decisions are suboptimal in a study that evaluated 100,000 production applications and 4,000,000 open-source component migrations.  A large part of this is due to lack of security automation, explained Ax Sharma, senior security researcher, and advocate at Sonatype, in a webinar called “The Impact of Zero-Day Attacks … continue reading

Software supply chain hygiene: The big picture

Organizations have been forced to learn the hard way over the past year the importance of software supply chain security.  In late 2021, a vulnerability was detected in Log4j, which is a framework for logging in Java that is used as a dependency in over 7,000 open-source projects. This was just one example of a … continue reading

Security perimeter is no more as attack surface continues to expand

For a long time, security teams have been able to mostly rely on the safety of a security perimeter, but with things like IoT, embedded development, and now remote and hybrid work, this notion of a defensible perimeter is totally gone.  Having all of these connected devices that don’t live under one network expands the … continue reading

How these companies help organizations with DevSecOps

We asked these tool providers to share more information on how their solutions help companies with security in remote or hybrid settings. Their responses are below. Guy Eisenkot, VP of product and co-founder of Bridgecrew by Prisma Cloud As hybrid work environments and cloud infrastructure environments become the norm, organizations’ attack surfaces are only getting … continue reading

Empower developers for broader role

As companies steadily move toward increased agility, the software supply chain can no longer afford to follow the old assembly-line model: Specialists who once focused their efforts solely on developing code have seen their roles expand to that of generalist. With governance, security and quality assurance professionals less commonplace in the industry, developers now integrate … continue reading

Placing security in the hands of developers

Developers today are faced with an ever-changing landscape. Their responsibilities continue to expand into areas like software QA, security, and governance. In an SD Times Live! webinar, Brian Fox, CTO of Sonatype and Steve Poole, developer advocate at Sonatype, discuss the ways in which security has become an essential part of a developers job. According … continue reading

SD Times news digest: AppSearch now available in alpha on Jetpack, SmartBear releases new plug-in for SwaggerHub for IntelliJ IDEA, HCL releases the latest version of Domino

AppSearch in Jetpack, the on-device search library to create high performance and feature-rich full-text search functionality, is now available in alpha.  With AppSearch, developers have access to offline search capabilities, lower latency for indexing and querying over large data sets, relevant search results and multi-language support.  Users add an item by typing in the name … continue reading

Sonatype builds automated malware prevention for open-source libraries

New versions of open-source components are being released every day at an overwhelming and alarming pace. According to the open-source governance company Sonatype, approximately 20,000 component updates are made per day, making it near impossible for teams to manually manage dependencies. In addition, open-source projects that are impacted by attacks are difficult to detect because … continue reading

Report: Not all open-source software is created equal

While open-source software is an integral part of software development today, security continues to be an issue. A recently released report revealed a 71 percent increase in open-source security related breaches over the last five years. In addition, 25 percent of organizations reported a confirmed or suspected open-source software related breach.  RELATED CONTENT: Open source … continue reading

Sonatype introduces DepShield for identifying vulnerable open-source components in GitHub

Sonatype wants to make it easier for developers to have open-source governance with the release of Sonatype DepShield. The solution is a GitHub application that integrates directly within repositories, enabling developers to identify vulnerable open-source components. According to the company, DepShield constantly monitors projects and automatically creates issues when security vulnerabilities are detected. It offers … continue reading

Open source at 20: The ubiquity of shared code

“Why is open source important? That’s like asking why is gravity important,” stated Brian Behlendorf, a leading figure in the open-source software movement, and executive director for the blockchain consortium Hyperledger. While this year marks the 20th anniversary of open source, it is hard to imagine a time before open-source software. Today, it’s difficult to … continue reading

Has DevSecOps succeeded in what it was created to accomplish?

At this point, the concept of DevOps should be familiar to everyone. But with the rise of cybersecurity attacks, organizations have seen the need to incorporate security into the mix. Thus, the idea of DevSecOps. Though the concept and practices were created with the best intentions, the number of cybersecurity attacks continues to rise, which … continue reading

HTML Snippets Powered By : XYZScripts.com

Get access to this and other exclusive articles for FREE!

There's no charge and it only takes a few seconds.

Sign up now!