2024 Sonatype Blog
Conversations about software supply automation, devsecops, open source, continuous delivery, and application security.

Sonatype welcomes Antoine Harden as Regional Vice President of Federal
Sonatype is thrilled to announce the addition of Antoine Harden as our Regional Vice President of Federal. With a proven track record of leadership and innovation, Antoine will spearhead sales efforts across ...

Malicious package detection: Sonatype secures software supply chains
Malicious packages present a growing danger to software supply chains. From typosquatting attacks to sophisticated malware hidden within open source components, detecting and preventing malicious packages has become essential for ensuring the ...

Revived CryptoJS library is a crypto stealer in disguise
An illicit npm package called 'crypto-encrypt-ts' may appear to revive the unmaintained but vastly popular CryptoJS library, but what it actually does is peek into your crypto wallet and exfiltrate your secrets ...

How SBOMs power secure software acquisition
April Downey | dependencies, SBOM, software bill of materials, Software Composition Analysis, software supply chain
CISA's Supply Chain Integrity Month reminds us of an undeniable truth about modern software development: transparency in software supply chains is no longer optional. The theme of week 4 is "Transparency: Securing ...

Build smarter with AI and your software supply chain
Aaron Linskens | Artificial Intelligence, Events and Webinars, generative AI, open source, software supply chain governance
AI adoption is reshaping how software gets built. From coding assistants to full-fledged agentic AI applications, developers now routinely rely on artificial intelligence in their workflows. But a subtler shift is also ...

Elevate your organization’s success: Submissions now open for the 2025 Sonatype Elevate Awards
We are thrilled to announce that the 2025 Sonatype Elevate Awards are officially open for submissions ...

Shadow downloads – How developers have become the new perimeter
With great power comes great responsibility ...

5 reasons to not miss Sonatype at RSAC 2025
RSA Conference (RSAC) brings together cybersecurity practitioners from across the globe to learn about the latest cybersecurity defense strategies and tools, connect with industry peers, and share knowledge about the threat landscape ...

What’s happening with MITRE and the CVE program uncertainty
Yesterday's headlines have sent ripples through the cybersecurity and software supply chain communities: MITRE announced that U.S. government funding for the CVE (Common Vulnerabilities and Exposures) database was set to expire today ...

Open Source Malware Index Q1 2025: Data exfil threats rising sharply
Sonatype Security Research Team | Everything Open Source, Malware, Malware Analysis, open source management
Sonatype's ongoing mission is to equip organizations with the most up-to-date information on open source security threats. As part of that commitment, we will be sharing data and insights on a quarterly ...