Sonatype Guides
Crucial industry insights, from the experts themselves, in text-based form.
Software Supply Chain
SBOMs Explained
A software bill of materials (SBOM) is a list of all packages and libraries included in your application. It’s …
An Introduction to Software Composition Analysis
Software Composition Analysis (SCA) is the process of determining the specific open-source software components…
Component License FAQ
Getting a holistic understanding of what component licenses are, why they matter, and their risks is a vital part of…
A Beginner’s Guide to Dependency Management
Terms like package manager, dependency management, repository, and repository manager are thrown around a…
What is Open Source Software?
Which terms come to mind when you think of the phrase “open source software?” Perhaps “free code” or maybe…
The Software Supply Chain: Explained
“Supply Chain Management” describes the act of managing the flow of raw, unprocessed materials as they’re…
Sonatype’s Solutions in the Supply Chain
Getting all the value from Sonatype’s tools requires that you understand how they fit into the software supply chain. If…
DevOps
Principle-based DevOps Frameworks
In this article, we’ll discuss the following three principle-based DevOps frameworks, as well as the common themes we can…
What Does It Mean To Shift Left?
A central pillar of DevOps and DevSecOps is Shift Left, also called Start Left. This phrase describes the principle of…
What is DevOps?
DevOps is a cultural transformation that aims to accelerate innovation by tearing down silos between…
Why DevOps?
In this article, we’ll discuss a brief history of DevOps, including what problems DevOps attempts to solve, as well as the business…
What is DevSecOps?
The basic premise behind DevSecOps may even go by different names, depending on who’s doing the talking…
Why DevSecOps?
There are many compelling reasons for prioritizing OSS component management as part of your DevSecOps strategy…
Definitive Guides
The Definitive Guide to Open Source Component Best Practices
If you use open-source components in your apps, that means you have risk. Even the most cautious consumers are vulnerable…
The Definitive Guide to Developer Adoption
You need developers to adopt your processes, tools, and techniques for securing the supply chain. But how to make that happen?