dependencies
Crypto enthusiasts flood npm with more than 281,000 bogus packages overnight
Crypto enthusiasts have lately been flooding software registries like npm and PyPI with thousands of bogus packages that add no functional value and instead put a strain on the entire open source ...
Embracing dependency management in software development
With open source forming the backbone of modern software, effective management of software dependencies is an inevitable challenge for development and security teams ...
‘Perfect 10’ Apple Supply Chain Bug — Millions of Apps at Risk of CocoaPods RCE
Tim looks grim: 10-year-old vulnerabilities in widely used dev tool include a CVSS 10.0 remote code execution bug ...
Strategies to accelerate dependency management for modern enterprise software development
Contrary to common belief, security and productivity are not necessarily at odds in modern software development ...
Software composition analysis (SCA): A beginner’s guide
In modern software development, applications are rarely built from scratch. Development teams extensively rely upon open source software components to accelerate development and foster innovation in software supply chains ...
The overview effect: Two decades of unique perspective
Based on data from 2023, just under 700 people have made the (sometimes) dangerous journey to space and seen our planet in a different light. Astronauts often write about their experiences in ...
Sonatype Lifecycle best practices: InnerSource
InnerSource Insight facilitates collaboration and enhances code quality across teams ...
The impact of automating open source dependency management
Recently, I chatted with developers from a customer in a heavily regulated industry. They were manually updating their open source dependencies and wanted to find a better solution to save time. Keeping ...
Sonatype Lifecycle best practices: Getting started and managing SBOMs
Effective management of software dependencies is critical for ensuring both security and operational efficiency of applications ...