Date | Title | Description |
29.10.2024 | Navigating the NPM Jungle: Security and Dependency Management | In the vast landscape of software development, managing dependencies is akin to navigating a dense jungle. Each package, each version, is a vine that can either support your climb or trip you up. As developers, we must tread carefully, espe... |
29.10.2024 | ScaleFlux: Leading the Charge in Storage and Memory Technologies for Unmatched Cyber Defense Solutions | SCFLX PRS #5 - Cybersecurity - Open Source & ECC
In an era where digital threats are increasingly sophisticated and pervasive, businesses must adapt to protect their critical data assets. ScaleFlux, renowned for its innovative flash sto... |
29.10.2024 | How to work with npm so your creds don't get stolen | npm package lifecycle scripts
During development, many people find npm lifecycle scripts very useful: for example, "prepare" can be used to set up the installation of git hooks, and "preinstall" can check for the required external ... |
28.10.2024 | Socket: Software Supply Chain Security Company Raises $40 Million (Series B) | Socket, a company protecting software from supply chain attacks, announced a $40 million funding round. The company monitors open-source packages for malicious behaviors like backdoors, typo-squatting, and obfuscated code.
The Socket Series... |
17.10.2024 | Building a Spring Boot Library: A Guide to Streamlined Development | In the world of software development, efficiency is king. The DRY principle—“Don’t Repeat Yourself”—is the golden rule. It’s about avoiding redundancy in code. Imagine a sprawling garden. If every flower grows in its own pot, maintenance be... |
16.10.2024 | How to design a library for Spring Boot | The DRY (Don't Repeat Yourself) principle is an important part of the software development cycle. Its goal is to avoid unnecessary repetition in code. In particular, there are many applications that may be part of one and the same... |
12.09.2024 | Three Quarters of Dependency Vulnerability Patches Lead to Breakages, Report Finds | Patches deployed for dependency vulnerabilities cause breakages 75% of the time, a new report has revealed. Minor updates were found to break clients 94% of the time, and for version upgrades this was 95%.
Software dependencies — the extern... |
08.08.2024 | Lineaje: Supply Chain Security Company Secures $20 Million (Series A) | Lineaje, a leader in continuous software supply chain security management, announced it raised $20 million in Series A funding led by Prosperity7 Ventures, Neotribe, and Hitachi Ventures, along with existing inv... |
04.08.2024 | Fortifying Software Supply Chains: Sonatype's Strategic Move to AWS Marketplace | In the digital age, software is the backbone of innovation. Yet, with great power comes great responsibility. The software supply chain is fraught with risks, especially as open-source components dominate modern applications. Sonatype, a le... |
02.08.2024 | Scala Digest. Issue 19 | Hi, Habr! We are Roma, Nastya, Karina and Evelina, backend developers at T-Bank; we write code in Scala and are eager to popularize it. We collect and aggregate news from various sources, including Scala Times, Petr Zapletal's blog and the channel ... |
30.07.2024 | Sonatype brings software security tools to AWS Marketplace | Sonatype has announced that its Software Bill of Materials (SBOM) Manager and Nexus Repository are now available through the AWS Marketplace. This development will enable Amazon Web Services (AWS) customers to access Sonatype’s comprehensiv... |
25.07.2024 | DuckDB: The New Powerhouse for Data Engineering | In the vast ocean of data management tools, DuckDB emerges as a sleek, agile vessel. This columnar database is designed for analytical workloads, making it a go-to choice for data engineers. With its recent stable release, version 1.0.0,... |
23.07.2024 | Sonatype’s platform debuts on AWS Marketplace, protecting the supply chain against open source risk | Sonatype, the end-to-end software supply chain security platform, is announcing the debut of two of its solutions—Sonatype SBOM Manager and ... |
15.07.2024 | Who are you, Platform Engineering. Part 3: getting to know Dev Platform | Internal development platforms (Internal Development Platform, IDP), as one of the artifacts of implementing the platform approach (Platform Engineering), are becoming an important growth point for many software development companies: they help ... |
08.07.2024 | Sonatype launches SBOM Manager to enhance software security | Sonatype has announced the general availability of its Software Bill of Materials (SBOM) Manager product.
An SBOM is a detailed inventory of the various components used in software development, including versions, origins, and licensing spe... |
08.07.2024 | Java Digest #14 | Hi everyone! 👋 👋 👋 👋 We are Java developers at Tinkoff: Andrey, Arseny, Konstantin and Konstantin. We collect interesting news, articles, tutorials and other materials from the world of Java development and share them with the whole community.
In this issue: ... |
26.06.2024 | Configuring a TLS context. CryptoPro to the rescue | Context
This publication is a practical case with a short tutorial on implementing a TLS connection based on Russian encryption standards, built on CryptoPro (CP) components. The article contains no advertising and makes no attempt to push the reader toward choosing... |
13.06.2024 | Migrating a data mart from the Teradata DBMS to the Greenplum DBMS | Migrating a DBMS from one technology to another is a complex process that involves more than converting code and transferring data from one system to the other, although there are non-obvious nuances there too. Often these are questions related to the compatibility of ... |
11.06.2024 | How AI and LLMs are revolutionizing cyber insurance | Solving the widening cybersecurity insurance gap that drives businesses... |
31.05.2024 | Hackers have begun posing as "helpful" Stack Overflow users to distribute malware | Cybercriminals have begun using Stack Overflow to distribute malware. They answer users' questions while promoting a malicious PyPi package that installs an infostealer on Windows.
bleepingcomputer.com
The researcher... |
16.05.2024 | ActiveState joins Python Software Foundation's Trusted Publishing Initiative to Enhance the Integrity of Python Packages as Part of Its Mission to Secure Open Source Supply Chains | As a Trusted Publisher on the Python Package Index (PyPI), ActiveState empowers developers with unrivaled open source management capabilities and mitigates escalating supply chain risks.
VANCOUVER, BC, May 16, 2024 /PRNewswire/ -- ActiveSta... |
15.05.2024 | What a company should do to protect itself from cyber threats | The first global cybercrime ranking has been published, with the main threats and a list of the countries from which most of them originate. We explain which risks are widespread in the information sphere today, how AI affects their development and why managing... |
22.04.2024 | No one can be taken at their word in secure development, or Another look at SCA | Still from the film "The Great Gatsby" @Warner Brothers, Village Roadshow Pictures, Bazmark Films, A&E Spectrum Films and Red Wagon Entertainment (the lawyers asked us to write this)
I walk into an English club. Everyone there is sitting, drinking, playing cards. ... |
26.03.2024 | Binarly: Supply Chain Security Platform Company Raises $10.5 Million | Binarly, a provider of an AI-powered firmware and software supply chain security platform, announced the closing of a $10.5 million seed funding round. The oversubscribed funding round was led by Two Bear Capital, with participation from Bl... |
20.03.2024 | Greggs Shut Down after IT Outage | Greggs, the baked goods purveyor made famous for their sausage rolls, have reportedly shut down across the country due to an ongoing IT issue.
After facing card payment issues, stores across the UK were forced to shut down or to go cash onl... |
28.02.2024 | StarCoder 2 is a code-generating AI that runs on most GPUs | Developers are adopting AI-powered code generators — services like GitHub Copilot and Amazon CodeWhisperer, along with open access models such as Meta’s Code Llama — at an astonishing rate. But the tools are far from ideal. Many aren’t free... |
27.02.2024 | Sonatype Introduces Cutting-Edge AI/ML Component Detection | New features transform the way AI components are managed, empowering development teams to innovate rapidly, while ensuring the highest standards of security, legal compliance, and risk management
Sonatype, the software supply chain optimiza... |
08.12.2023 | Supply Chain Security. Chapter 2: how malicious libraries get into a project and how to prevent it | Bob: Alice, last time you convinced me that I need to check the third-party dependencies in my project for the risk of supply chain attacks. As a result, three suspicious libraries have already turned up. I don't understand at all how ... |
17.10.2023 | Software Supply Chain Security Attacks Up 200%: New Sonatype Research | Attacks on software supply chains increased dramatically in 2023, with an increase of 200% compared to 2022, according to Sonatype’s new report. Also, vulnerabilities are still present in downloaded dependencies, which is a reason why more ... |
11.10.2023 | Effective Cyber Defense: How Companies Can Adopt Threat Reconnaissance | Chief Evangelist and Fellow, Team Cymru. |
03.10.2023 | One in eight open source downloads have known and avoidable risks | This year has seen twice as many software supply chain attacks as 2019-2022 combined and one in eight open source downloads today pose known and avoidable risks.
The latest State of the Software Supply Chain Report from Sonatype, which logg... |
12.09.2023 | Developers turn to generative AI despite security risks | According to 800 developer (DevOps) and application security (SecOps) leaders surveyed, 97 percent are using GenAI technology today, with 74 percent saying they feel pressured to use it despite identified security risks.
The research from s... |
03.08.2023 | Supply chain worries drive adoption of SBOMs | Concerns around supply chain security, partly driven by President Biden's Executive Order on Improving the US' Cybersecurity, are leading to increased adoption of software bills of materials (SBOM).
Research from Sonatype surveyed over 200 ... |
31.07.2023 | Palo Alto Networks Prisma Cloud Now Protects Software Delivery Pipeline | Palo Alto Networks (SOPA Images/LightRocket via Getty Images) |
10.07.2023 | Software Providers Should Prepare For Liability Right Now—Here’s How | Software developer, innovator, and entrepreneur who is most prominently known for his role as the CTO and Co-Founder of Sonatype, Inc. |
04.07.2023 | Sonatype Repository Firewall Has Prevented Losses from Malicious Attacks Totaling More Than $1.5 Billion | Sonatype, the pioneer of software supply chain management, has announced that Sonatype Repository Firewall has stopped more than $1.5 billion in potential losses from malicious open source attacks. Now a SaaS-first solution, it is enabling ... |
12.06.2023 | Sonatype Launches in AWS Marketplace | Sonatype announced availability in AWS Marketplace, a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on Amazon Web Services (AWS) – f... |
22.05.2023 | PyPI closed registration of new users and projects for two days because of excessive attacker activity | The Python package repository PyPI (Python Package Index) suspended registration of new users and projects for two days because of excessive malicious activity by attackers. This happened on May 20 and 21 because of the high load on ... |
12.04.2023 | Google Cloud offers Assured Open Source Software for free | Open source software and software supply chain security risks continue to be a primary concern for developers and organizations. According to a 2022 study by electronic design and automation company Synopsys, 84% of open sourc... |
03.04.2023 | Dependency management in JavaScript | JavaScript has been developing rapidly for more than 20 years now. Over that time a huge number of different solutions for developing web applications have appeared and, despite the evolution of web standards and of the web platform itself, it is now already ... |
27.03.2023 | Andrey Gein: subjective news from the world of Python | The February EkbPy conference in Yekaterinburg was opened by Andrey Gein with his subjective review of the main Python news. Attendees rated this talk as one of the best at the conference, and we decided to share some of its points with... |
27.02.2023 | Should organizations swear off open-source software altogether? | Open-source software is a nightmare for data security. According to Synopsys, while 96% of software programs contain some kind of open-source software component, 84% of codebases contain at least one vulnerability.
These vulnerabilities are... |
24.02.2023 | 14 Smart Strategies For Establishing A Secure Software Supply Chain | Just as contractors construct a building using established processes and plans as well as premade and precut materials, a software program is built on the foundations of established development practices and previously written, working code... |
11.02.2023 | When did you last look inside your dependencies? | Have you ever thought about what is inside the dependencies that, one way or another, get pulled into your code? Taking someone else's library is a normal part of life now, but what does that mean from a security standpoint?
The recent stories with node‑ipc and CTX ... |
01.02.2023 | New cloud platform aims to improve supply chain management | A new platform from Sonatype is designed to make it easier for developer and security teams to unite and build innovative software securely.
It delivers an Application Security Testing (AST) and Software Composition Analysis (SCA) tool that... |
11.01.2023 | Four Cyber Risk Trends To Watch In 2023 And How Businesses Can Mitigate Them | Steve Durbin is Chief Executive of Information Security Forum. He is a frequent speaker on the Board’s role in cybersecurity and technology. |
10.01.2023 | PyTorch exposed a malicious dependency chain | PyTorch discovered a malicious dependency with the same name as the framework's torchtriton library. This led to a successful compromise via the dependency confusion attack vector. Details ahead of the start of our "White Hacker" course.
Admin... |
09.12.2022 | Number of vulnerable Log4j downloads remains high one year on | This week marks the first anniversary of the Log4j/Log4Shell vulnerability affecting the Java logging library and as we noted recently many organizations are still vulnerable even though patched versions were quickly available.
Sonatype has... |
06.12.2022 | Sonatype Applauded by Frost & Sullivan for Enabling Detection, Analysis, and Remediation of Vulnerabilities in SDLC with Its Nexus Platform | The software supply chain management platform reduces false positives, improves code quality, and automatically remediates vulnerabilities, helping developers save time and address tight timeline issues.
SAN ANTONIO, Dec. 6, 2022 /PRNewswir... |
25.11.2022 | Report: 96% of vulnerable open-source downloads are avoidable | As the industry’s reliance on open-source software has i... |
10.11.2022 | The Securing Open Source Software Act Is Good, but Whatever Happened to Legal Liability? | Editor's note: A previous version of this article identified the OpenSSL vulnerability as critical. While it was initially announced as such, the vulnerability has been reclassified to high, and the editor has corrected the article to refle... |
03.11.2022 | Backlogs, Backlogs Everywhere And Not A Minute To Spare | Liran Tancman, CEO, Rezilion. |
25.10.2022 | How Arnica’s tool keeps supply chain and developers flowing by repelling attacks | As a kid, Nir Valtman recalled how he used tools like ICQ... |
18.10.2022 | 96 percent of known open source vulnerabilities can be easily avoided | With more open source being consumed than ever before, attacks targeting the software supply chain have increased too, both in frequency and complexity. A new report reveals a 633 percent year on year increase in malicious attacks aimed at ... |
11.10.2022 | How Google Cloud is protecting the software supply chain in its increasing complexity | The software supply chain is not linear or simplistic: It is made up of many different components introduced at different t... |
22.09.2022 | Software supply chain security gets its first Linux distro, Wolfi | From software signing, to container images, to a new Linux distro, an emerging OSS stack is giving developers guardrails for managing the integrity of build systems and software artifacts.
SolarWinds and Log4j were t... |
30.08.2022 | Google launches vulnerability reward program to secure open-source software | Open source software security is in need of a massive overhaul. So many organizations rely on open source software to f... |
25.08.2022 | Should Uncle Sam Worry About ‘Foreign’ Open-Source Software? Geographic Known Unknowns and Open-Source Software Security | Nationalism has come to software. While downloading TikTok or WeChat onto your cell phone isn’t quite tantamount to installing Huawei equipment in your local cell tower, all indications suggest that a software geopolitical divide has arrive... |
22.08.2022 | Malware floods npm and PyPi registries in supply-chain attacks | Researchers at security vendor Sonatype say they have found 186 malicious packages in the npm Javascript library registry, which infect Linux hosts with crypto currency mining applications.
Sonatype said many of the packages, published by t... |
09.08.2022 | 10 malicious Python packages exposed in latest repository attack | Supply-chain attacks, like the latest PyPi discovery, insert malicious code into seemingly functional software packages used by developers. They're becoming increasingly common. |
08.08.2022 | Young programmer placed ransomware in the PyPI repository "as a joke" | Researchers from Sonatype discovered ransomware in the official PyPI repository. The investigation revealed that the malware had been uploaded to the repository by a schoolboy, and any user of the packages became a victim of the ransomware.
Specialists... |
08.08.2022 | Security Week 2232: malicious npm packages | A recent study by Kaspersky experts analyzes the LofyLife malicious campaign. At the end of July, four malicious packages were discovered in the Node Package Manager repository. Besides legitimate functionality (processing ... |
03.08.2022 | Malicious 'typosquat' Python packages with ransomware scripts discovered | Researchers at software supply chain management firm Sonatype have identified many malicious Python packages with ransomware scripts.
In a blog post detailing their findings, Sonatype researcher Ax Sharma said these packages are named after... |
27.07.2022 | Protestware on the rise: Why developers are sabotaging their own code | Ax Sharma Contributor
Ax Sharma is a security researcher and reporter. His areas of interest include open source software security, malware analysis, data breaches and scam investigations.
If combating attacks and hijacking... |
27.06.2022 | Malicious packages were found in an official third-party Python repository | Malicious packages were found in an official third-party Python repository. This malware steals access keys for Amazon Web Services clouds and sends them to a publicly accessible resource.
The malicious packages were discovered by cybersecurity researchers... |
22.06.2022 | Aqua Security and CIS release first formal guidelines for software supply chain security | Today, cloud native security provider, Aqua Secur... |
21.06.2022 | Researchers discover lack of confidence in state of open-source security | Today, Snyk and The Linux Foundation released the... |
27.05.2022 | Top 3 information security events of the week according to Jet CSIRT | Today's news roundup from Jet CSIRT covers the compromise of a PyPI package and a PHP library, a malicious campaign involving Snake Keylogger and a new study of the BPFDoor malware. The news was compiled by Alexander Akhremchik, lead analyst at the monitoring center and ... |
25.05.2022 | PyPI package 'ctx' and PHP library 'phpass' hijacked to obtain AWS keys | Security researchers this week identified two corrupt Python and PHP packages in what appears to be yet another instance of a software supply chain attack targeting the open-source ecosystem.
Python Package Index (PyPI) module 'ctx' is one ... |
16.05.2022 | How to secure the software build: managing external dependencies | Hi! The problem of managing dependency security, that is, supply chain security, is more relevant now than ever. Take the story of SolarWinds as an example: the source code of a utility it develops was ... |
11.05.2022 | Backdoor in public repository used new form of attack to target big firms | A backdoor that researchers found hiding inside open source code targeting four German companies was t... |
08.05.2022 | Top 3 information security events of the week according to Jet CSIRT | Ransomware found in the PyPI catalog
Researchers at Sonatype discovered several malicious Python packages containing ransomware scripts. The scripts contained in the packages searched for the user directories of Wi... |
06.04.2022 | Getting Ready For The Next Log4Shell Vulnerability | Bernd Greifeneder is the CTO and Founder of Dynatrace, a software intelligence company that helps to simplify enterprise cloud complexity. |
04.04.2022 | Spring4Shell added to CISA’s list of exploited vulnerabilities | The recently disclosed remo... |
04.04.2022 | Spring4Shell added to CISA’s list of exploited vulnerabilities | The recently disclosed remote code execution (RCE... |
01.04.2022 | SpringShell: Patches released for critical zero-day | The Spring team has released an emergency patch to address a new critical remote code execution (RCE) flaw that affects any application using the Spring Framework and could enable an unauthenticated attacker to execute arbitrary code on a v... |
29.03.2022 | Local package repositories | Hello everyone! Today I want to share our thoughts on how you can protect your development from certain potential risks in the current environment. So what do we mean? The point is that in large projects ... |
20.03.2022 | The risk of undermanaged open source software | There are a lot of myths surrounding open source ... |
20.03.2022 | The risk of undermanaged open source software | There are a lot of myths surrounding open source software, but one that continues to permeate conversations is that open source is not as secure as proprietary offerings. At f... |
18.03.2022 | Open source dev sabotages own library to target Russian and Belarusian users | Brandon Nozaki Miller, maintainer of the popular library npm-ipc, has updated the package with new code that specifically targets users in Russia and Belarus, in protest of Russia's invasion of Ukraine and Belarus's participation in the war... |
08.03.2022 | Ransomware contained in typosquat Python scripts | Researchers at Sonatype have identified multiple malicious Python packages that contain ransomware scripts.
The packages are named after a legitimate, widely known library called 'Requests', with names like 'requesys', 'requesrs' and 'reque... |
04.03.2022 | Researchers warn of malicious typosquatting packages making their way into open source repositories | Researchers at software supply chain management firm Sonatype have warned that attackers are increasingly using malicious 'typosquatting' packages infiltrating open source repositories to steal confidential data from victims.
In a blog post... |
10.02.2022 | CVP Vasu Jakkal: Staying on top of cybersecurity threats is vital, getting ahead of them is paramount | With a 1,070 percent increase in ransomware attacks year-over-year between July 2020 and June 2021, staying on top of attack trends, such as ransomware and supply chain threats, is more important than ever. To successfully detect and defend ... |
03.02.2022 | Power Moves: Margaret Roth Falzon is now COO at Squadra Ventures | Power Moves is a column where we chart the comings and goings of talent across the region. Got a new hire, gig or promotion? Email us: baltimore@technical.ly.
Margaret Roth Falzon has been promoted to chief operating officer of Baltimore ve... |
27.01.2022 | Sonatype, which secures open source code, lays groundwork for IPO | As security for software development ... |
27.01.2022 | Sonatype Exceeds $100M in ARR, Names First President as Demand for Software Supply Chain Management Soars | - Addition of proven leader Alex Berry, largest Q4 ever, and 200+ new hires bolster momentum for 2022 - Company growth showcases importance of intelligent, full-spectrum software supply chain management for both developers and security teams... |
21.01.2022 | Cisco : Protecting Secrets / Variables Using HashiCorp Vault Secret Manager | Recently I was asked to create a new integration between Cisco ASD (Automated Software Distribution) and Sonatype Nexus Repository. As both expose a decent API, it wasn't a complicated task (just a matter of ~800 lines of Python code).
How... |
20.01.2022 | Software Supply Chain Security Specialist Codenotary Raises $12.5 Million in Series B Round | Codenotary, the immutability specialist that can instantly identify untrusted components in software, today announced that it has raised $12.5 million in series B funding by new and existing investors Bluwat, Elaia and others.
The financing... |
19.01.2022 | Cisco : Protecting Secrets / Variables Using HashiCorp Vault Secret Manager | Recently I was asked to create a new integration between Cisco ASD (Automated Software Distribution) and Sonatype Nexus Repository. As both expose a decent API, it wasn't a complicated task (just a matter of ~800 lines of Python code).
How... |
16.01.2022 | FOSS News №104: digest of materials on free and open source software for December 27, 2021 to January 16, 2022 | Hi everyone!
We continue our digests of news and other materials about free and open source software, plus a little about hardware. All the most important things about penguins and more, in Russia and around the world.
Main topics of the new issue:
News about the spread of and the fight against ... |
26.12.2021 | FOSS News №103: digest of materials on free and open source software for December 20 to 26, 2021 | Hi everyone!
We continue our digests of news and other materials about free and open source software, plus a little about hardware. All the most important things about penguins and more, in Russia and around the world.
Main topics of the new issue:
News about the spread of and the fight against ... |
24.12.2021 | Transparently caching multiple Container Registries in CRI-O and Podman | Perhaps you are already actively using CRI-O and Podman, or perhaps you are still cautiously eyeing alternatives to Docker. Either way, alternative solutions create competition for the monopolist Docker and offer new and in-demand ... |
08.12.2021 | You can’t stop the ‘next SolarWinds’ — but you can slow it down | It’s one of the biggest questions in cybersecurit... |
08.12.2021 | You can’t stop the ‘next SolarWinds’ — but you can slow it down | It’s one of the biggest questions in cybersecurity of 2021, and it’s sure to remain on the min... |
01.12.2021 | Aqua Security acquires Argon to protect the software supply chain | Cloud-native application protection firm Aqua Security announced today it has acquired Argon, ... |
01.12.2021 | Aqua Security acquires Argon to protect the software supply chain | Cloud-native application protection firm Aqua Sec... |
29.10.2021 | Sonatype specialists discovered NPM packages distributing ransomware and infostealers disguised as Noblox.js | No sooner had Sonatype specialists discovered cryptocurrency-mining malware this month in three JavaScript libraries uploaded to the official NPM repository than a new menace appeared. This time it concerns two more NPM packages: nob... |
24.10.2021 | FOSS News №93: digest of materials on free and open source software for October 18 to 24, 2021 | Hi everyone!
We continue our digests of news and other materials about free and open source software, plus a little about hardware. All the most important things about penguins and more, in Russia and around the world.
Main topics of the new issue:
OS DAY 2021: a report from the two days of the conference... |