Next generation software supply chain attacks continue to threaten secure application development.

More than ever, it is critical to learn how to manage and secure developer source code, open source dependencies, containers, and infrastructure as code. Here’s why:

  • Adversaries are getting bolder with novel malware & zero-day attacks. Sonatype has discovered 12,000+ suspicious & malicious packages within npm and PyPI ecosystems.
  • 21,000+ new versions of open source libraries are released per day. Open source components are not created equal. Some are vulnerable from the start, while others go bad over time.
  • Usage has become more complex. With tens of billions of downloads, it’s increasingly difficult to manage libraries and direct dependencies.
  • Transitive dependencies: if you are using dependency management tools like Maven (Java), Bower (JavaScript), Bundler (Ruby), etc., then every library you declare automatically pulls in its own third-party dependencies (and theirs in turn), components you never chose but still ship—a liability that you can’t afford.
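The transitive-dependency point above is easiest to see by walking a lockfile. The following is an added example, not Sonatype's code or tooling: it reads a constructed `package.json` and a constructed npm `package-lock.json` (assumed to use the `lockfileVersion` 2/3 `"packages"` layout), separates the dependencies you declared from the ones that arrived transitively, and records which direct dependency pulled each transitive one in. The package names and versions are invented for the example.

```python
import json

# Constructed sample inputs (not real packages): what a developer declares...
PACKAGE_JSON = json.dumps({
    "name": "demo-app",
    "dependencies": {"web-framework": "^1.0.0", "logger": "^2.0.0"},
})

# ...and what the resolver actually installed (lockfileVersion 3 layout assumed).
PACKAGE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"web-framework": "^1.0.0", "logger": "^2.0.0"}},
        "node_modules/web-framework": {
            "version": "1.0.3",
            "dependencies": {"http-parser": "^4.1.0", "template-engine": "^0.9.0"},
        },
        "node_modules/http-parser": {"version": "4.1.2"},
        "node_modules/template-engine": {
            "version": "0.9.5",
            "dependencies": {"string-utils": "^3.0.0"},
        },
        "node_modules/string-utils": {"version": "3.0.1"},
        "node_modules/logger": {
            "version": "2.2.0",
            "dependencies": {"string-utils": "^3.0.0"},
        },
    },
})


def load_graph(lock_text):
    """Return {package name: (installed version, [names it depends on])}.

    Uses the lockfileVersion 2/3 "packages" map. The package name is taken from
    the last node_modules/ segment, so a nested (non-hoisted) duplicate of a
    package collapses onto the same name; good enough for a first inventory.
    """
    lock = json.loads(lock_text)
    graph = {}
    for path, meta in lock["packages"].items():
        if path == "":  # the root project itself
            continue
        name = path.rsplit("node_modules/", 1)[-1]
        graph[name] = (meta.get("version"), sorted(meta.get("dependencies", {})))
    return graph


def resolve(lock_text, package_text):
    """Split installed packages into direct and transitive dependencies.

    Returns (direct, origin, graph) where origin maps each transitive package
    to the set of direct dependencies whose dependency tree pulled it in.
    """
    direct = set(json.loads(package_text).get("dependencies", {}))
    graph = load_graph(lock_text)
    origin = {}
    for root in direct:
        stack, seen = [root], set()
        while stack:  # depth-first walk of root's dependency subtree
            cur = stack.pop()
            if cur in seen:
                continue
            seen.add(cur)
            for child in graph.get(cur, (None, []))[1]:
                if child not in direct:
                    origin.setdefault(child, set()).add(root)
                stack.append(child)
    return direct, origin, graph


def report(lock_text, package_text):
    """Human-readable summary of how much of the install was never chosen directly."""
    direct, origin, graph = resolve(lock_text, package_text)
    lines = [f"direct: {len(direct)}, transitive: {len(origin)}, installed: {len(graph)}"]
    for name in sorted(origin):
        version = graph.get(name, (None, []))[0]
        lines.append(f"  {name}@{version} <- via {', '.join(sorted(origin[name]))}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(PACKAGE_LOCK, PACKAGE_JSON))
```

With the sample above, two declared libraries bring in three packages nobody chose, and `string-utils` is reachable from both direct dependencies, which is the kind of fan-in that makes a single bad upstream release matter across a project. Pointing `resolve` at a real lockfile is how you would inventory what your declared dependencies are actually pulling into the build.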