Understand how Software Composition Analysis can eliminate risks to projects for open source software. Read the full guide to learn more.| www.sonatype.com
Get a complete overview of different open source risks so that you can better defend against software supply chain attacks.| www.sonatype.com
Learn how software supply chains work, the risks of software supply chain security vulnerabilities, and how to manage software dependencies securely.| www.sonatype.com
A software bill of materials (SBOM) lists all packages and libraries included in an application. Learn how SBOMs make software supply chains more secure.| www.sonatype.com
Understand and manage the software dependencies in your software supply chain.| www.sonatype.com
Learn about the danger of open source malware and software vulnerabilities in Sonatype's Open Source Malware Resource Hub.| www.sonatype.com
Sonatype's automated malware detection systems identified a malicious PyPI package called crytic-compilers, connected to the Russia-linked Lumma Windows stealer and named very similarly to a well-known legitimate Python library used by cryptocurrency developers.| www.sonatype.com
Learn about a targeted backdoor supply chain attack against the popular XZ compression utility shipped in many Linux distributions such as Fedora and Debian.| www.sonatype.com
The wave of security vulnerabilities and exploitation related to Log4Shell continues to be a serious concern. We developed a one-stop shop of Log4j resources.| www.sonatype.com
View the history of software supply chain attacks and the open source components analyzed by Sonatype.| www.sonatype.com