Understand how Software Composition Analysis can reduce the risks that open source software introduces into projects. Read the full guide to learn more.| www.sonatype.com
Get a complete overview of different open source risks so that you can better defend against software supply chain attacks.| www.sonatype.com
Learn how software supply chains work, the risks of software supply chain security vulnerabilities, and how to manage software dependencies securely.| www.sonatype.com
A software bill of materials (SBOM) lists all packages and libraries included in an application. Learn how SBOMs make software supply chains more secure.| www.sonatype.com
Understand and manage the software dependencies in your software supply chain.| www.sonatype.com
Learn about the danger of open source malware and software vulnerabilities in Sonatype's Open Source Malware Resource Hub.| www.sonatype.com
Sonatype's automated malware detection systems identified a malicious PyPI package called crytic-compilers, connected to the Russia-linked Lumma Windows stealer and named to closely resemble a well-known legitimate Python library used by cryptocurrency developers.| www.sonatype.com
Learn about a new, targeted backdoor supply chain attack against the popular XZ compression utility shipped in many Linux distributions such as Fedora and Debian. Understand its impact, potential risks and what you can do about it.| www.sonatype.com
The wave of exploitation of the Log4Shell vulnerability in Log4j continues to be a serious concern. We developed a one-stop shop of Log4j resources.| www.sonatype.com
View the history of software supply chain attacks and the open source components analyzed by Sonatype.| www.sonatype.com