Sonatype

Definitive Guides

The Definitive Guide to Open Source Component Best Practices

If you use open-source components in your applications, you inherit risk. Even the most cautious consumers are vulnerable to attacks. We are in the business of helping you protect your software supply chain and want to share our own open-source best practices with you.


Software Supply Chain

SBOMs Explained

A software bill of materials (SBOM) is a list of all packages and libraries included in your application. It’s the …

An Introduction to Software Composition Analysis

Software Composition Analysis (SCA) is the process of determining the specific open-source software components…

Component License FAQ

Getting a holistic understanding of what component licenses are, why they matter, and their risks is a vital part of reducing the…

A Beginner’s Guide to Dependency Management

Terms like package manager, dependency management, repository, and repository manager are thrown around a…

What is Open Source Software?

Which terms come to mind when you think of the phrase “open source software?” Perhaps “free code” or maybe “time savings?”…

The Software Supply Chain: Explained

“Supply Chain Management” describes the act of managing the flow of raw, unprocessed materials as they’re…

Sonatype’s Solutions in the Supply Chain

Getting all the value from Sonatype’s tools requires that you understand how they fit into the software supply chain. If…


DevOps

Principle-based DevOps Frameworks

In this article, we’ll discuss the following three principle-based DevOps frameworks, as well as the common themes we can…

What Does It Mean To Shift Left?

A central pillar of DevOps and DevSecOps is Shift Left, also called Start Left. This phrase describes the principle of…

What is DevOps?

DevOps is a cultural transformation that aims to accelerate innovation by tearing down silos between…

Why DevOps?

In this article, we’ll discuss a brief history of DevOps, including what problems DevOps attempts to solve, as well as the business…

What is DevSecOps?

The basic premise behind DevSecOps may even go by different names, depending on who’s doing the talking…

Why DevSecOps?

There are many compelling reasons for prioritizing OSS component management as part of your DevSecOps strategy…