Sonatype stories
Sonatype warns of surge in trusted open-source malware
Last week
#application security #devsecops #supply chain
Sonatype flags 21,764 malicious open-source packages in Q1 2026, with npm hit hardest as attackers used trusted workflows to steal secrets.
Sonatype finds live data beats larger AI models on upgrades
Last month
#devops #application security #supply chain
Sonatype says a smaller AI model tied to live software data can outperform larger models on the security of dependency upgrades, cutting both risk and cost.
Sonatype updates Repository Firewall to target open-source malware
Thu, 1st May 2025
#virtualisation #application security #devsecops
Sonatype enhances Repository Firewall to proactively block open-source malware, integrating with Zscaler and adding support for Docker images and AI models for broader DevSecOps protection.
Sonatype reports rise in open source malware to 17,954
Thu, 3rd Apr 2025
#malware #firewalls #supply chain
Sonatype's latest Open Source Malware Index reveals a sharp rise in malware, with over 17,900 malicious packages identified in Q1 2025, reflecting evolving supply-chain threats.
Sonatype launches AI tool to secure open source tech use
Fri, 7th Mar 2025
#devops #supply chain #apm
Sonatype has unveiled new AI Software Composition Analysis capabilities to improve security and governance of open-source AI technologies used in enterprises.