open source

Kubernetes Resource Optimization & Best Practices with Goldilocks
Kubernetes is now the industry standard for orchestrating containerized workloads, but efficient resource management remains a challenge for many organizations. It’s important to get right though! Over-provisioning leads to wasted cloud spend, ...

Build smarter with AI and your software supply chain
AI adoption is reshaping how software gets built. From coding assistants to full-fledged agentic AI applications, developers now routinely rely on artificial intelligence in their workflows. But a subtler shift is also ...

Shadow downloads – How developers have become the new perimeter
With great power comes great responsibility ...

What’s happening with MITRE and the CVE program uncertainty
Yesterday's headlines have sent ripples through the cybersecurity and software supply chain communities: MITRE announced that U.S. government funding for the CVE (Common Vulnerabilities and Exposures) database was set to expire today ...

Open Source CIAM: A Practical Guide for the Modern Enterprise
Struggling with proprietary identity solutions? This comprehensive guide explores how open source CIAM platforms offer enterprises transparency, flexibility, & cost control while maintaining robust security. Compare leading solutions and discover which best ...

Beyond open vs. closed: Understanding the spectrum of AI transparency
Artificial intelligence (AI) is transforming industries, from software development to cybersecurity. But as AI adoption grows, so does the discussion around its accessibility and transparency. Unlike traditional software, where the concept of ...

Application security trends: Shift-left security, AI, and open source malware
Software is at the heart of business operations across most industries, which means application security has never been more critical. However, as organizations embrace cloud-native architectures, microservices, and open source components, the ...

Cybersecurity Insights with Contrast CISO David Lindner | 03/07/25
Insight No. 1. — Ransomware groups are using CISA’s KEV catalog as a runbook. Given that CISA's Known Exploited Vulnerabilities (KEV) catalog highlights the most actively exploited and critical Common Vulnerabilities and ...

When Your SaaS Vendor Goes Dark: A Guide to Protecting Your Business
When a SaaS vendor unexpectedly shuts down, your business faces significant risks. This comprehensive guide provides actionable strategies to recover your data, find alternative solutions, and implement preventative measures to ensure business ...

Behind the Baseline: Reflecting on the launch of the Open Source Project Security Baseline
It's been a while since I've shared an update on the work Sonatype is doing in the open source ecosystem, so I'm excited to share an update on a few things we're ...