Stay Current on the Latest Sonatype News

Media Hit

"We've been too nice" - open letter says OSS is at an inflection point

September 26, 2025

Media Hit

Stewards of public open-source infrastructure say a better funding model is needed

September 25, 2025

Media Hit

No digital sovereignty without European money for Rust, Python and Maven

September 25, 2025

Media Hit

Everyone benefits, hardly anyone contributes: Open source projects call for help

September 24, 2025

Media Hit

Open Source Infrastructure is Breaking Down Due to Corporate Freeloading

September 24, 2025

Media Hit

Open Letter Calls for Fundamental Change to Open Source Economics

September 23, 2025

Media Hit

Open Source Infrastructure: Powered by Passion, Exploited by Corporations

September 23, 2025

Media Hit

OpenSSF to freeloaders: Open source infra isn't free

September 23, 2025

Media Hit

Axios Future of Cybersecurity

September 23, 2025

Media Hit

When ‘minimal impact’ isn’t reassuring: lessons from the largest npm supply chain compromise

September 15, 2025

Media Hit

71% of CISOs hit with third-party security incident this year

September 9, 2025

Media Hit

The npm incident frightened everyone, but ended up being nothing to fret about

September 10, 2025

Media Hit

How AI and politics hampered the secure open-source software movement

September 9, 2025

Media Hit

Escalating npm supply chain malware attack drains crypto wallets

September 9, 2025

Media Hit

Content Pipelines: Balancing Speed With Reliability And Security

September 8, 2025

Media Hit

Massive npm hack poisons 18 packages with billions of downloads

September 8, 2025

Media Hit

Model Namespace Reuse Flaw Hijacks AI Models on Google and Microsoft Platforms

September 4, 2025

Media Hit

AI, Open Source and the Future of Secure Code

August 26, 2025

In the News

Stay up to date on what’s new at Sonatype.

"We've been too nice" - open letter says OSS is at an inflection point

Stewards of public open-source infrastructure say a better funding model is needed

No digital sovereignty without European money for Rust, Python and Maven

Everyone benefits, hardly anyone contributes: Open source projects call for help

Open Source Infrastructure is Breaking Down Due to Corporate Freeloading

Open Letter Calls for Fundamental Change to Open Source Economics

Open Source Infrastructure: Powered by Passion, Exploited by Corporations

OpenSSF to freeloaders: Open source infra isn't free

Axios Future of Cybersecurity

When ‘minimal impact’ isn’t reassuring: lessons from the largest npm supply chain compromise

71% of CISOs hit with third-party security incident this year

The npm incident frightened everyone, but ended up being nothing to fret about

How AI and politics hampered the secure open-source software movement

Escalating npm supply chain malware attack drains crypto wallets

Content Pipelines: Balancing Speed With Reliability And Security

Massive npm hack poisons 18 packages with billions of downloads

Model Namespace Reuse Flaw Hijacks AI Models on Google and Microsoft Platforms

AI, Open Source and the Future of Secure Code