AI is writing more of your code, but it’s not accountable for the dependencies it introduces. That means vulnerable, outdated, and even hallucinated packages can quietly make their way into production. Development speed is accelerating, but so is software supply chain risk. The real challenge isn’t adopting AI, it’s governing what it brings with it. Read more in our latest blog: https://lnkd.in/gn3qV_wv
About us
The Sonatype journey started 15 years ago, just as the concept of “open source” software development was gaining steam. From our humble beginning as core contributors to Apache Maven, to supporting the world’s largest repository of open source components (Central), to distributing the world's most popular repository manager (Sonatype Nexus Repository), we’ve played a meaningful role in helping the world embrace the power of open innovation. Over time, we witnessed the staggering volume and variety of open source libraries that began flowing into every development environment in the world. We understood that when open source components are properly managed, they provide a tremendous energy for accelerating innovation. Conversely, when unmanaged, open source "gone wild" can lead directly to security vulnerabilities, licensing risks, enormous rework, and waste. Our vision today is simple. We are laser focused on helping organizations continuously harness all of the good that open source has to offer, without any of the risk. In order to do this, we have invested in knowing more about the quality of open source than anyone else in the world. This investment takes the form of machine learning, artificial intelligence, and human expertise, which in aggregate produces highly curated intelligence that is infused into every Sonatype product. Organizations equipped with Sonatype products make better decisions, innovate faster at scale, and rest comfortably knowing that their applications always consist of the highest quality open source components.
- Website: https://www.sonatype.com
- Industry: Software Development
- Company size: 501-1,000 employees
- Headquarters: Fulton, MD
- Type: Privately Held
- Founded: 2008
- Specialties: Open Source, Open Source Governance, Management and Compliance, Repository Management, DevOps, DevSecOps, Software Supply Chain, Continuous Delivery, Continuous Integration, Open Source Security, Docker Private Registry, Software Component Analysis, Open source software, Application security, information security, artifact repository, SBOMs, and SaaS
Locations
- Primary: 8161 Maple Lawn Blvd, Suite 250, Fulton, MD 20759, US
- 168 Shoreditch High Street, London, England E1 6HU, GB
- Auro Orbit, Tower 1, 4th Floor, HITEC City, Hyderabad, Telangana 500081, IN
Updates
- Emerging threat: a new self-propagating malware campaign is spreading through npm. Dubbed CanisterSprawl, the open source malware steals secrets, hijacks tokens, and republishes compromised packages, spreading across ecosystems before teams can react. This isn’t a one-off incident, it’s a glimpse into how quickly modern malware can scale and evade takedowns. If your defenses rely on manual prioritization and automation, you’re already behind. More info here: https://lnkd.in/gDSmDVWh #SoftwareSupplyChain #MalwareThreats #CyberSecurity #DevSecOps
- Our Q1 2026 Open Source Malware Index is out, and the most dangerous malware in Q1 2026 didn’t look malicious. 21,764 packages later, one pattern stands out: trust is the new attack surface, and the risk is credential theft, CI/CD compromise, and downstream risk at scale. Check it out here: https://lnkd.in/gnSG2sdy Great reporting from Tom Spring in the comments. #CyberSecurity #OpenSource #SupplyChainSecurity #DevSecOps
- Join us in shaping the future of software innovation. We’re looking for a Customer Success Manager with 10+ years of experience to drive adoption, retention, and customer impact at scale. If you’re passionate about building strong customer relationships and delivering value, we’d love to hear from you. Apply today: https://lnkd.in/gfHsK9ph Learn more about Sonatype India: https://lnkd.in/g7wPnGEs #SonatypeIndia #Sonatype #Hiring #CustomerSuccess #Careers #HyderabadJobs #TechCareers
- Most software teams don’t have a vulnerability problem — they have a prioritization problem. AI improvements have shown that vulnerability reports will only increase exponentially. The real challenge is knowing what actually matters and fixing it without slowing developers down. Join our upcoming webinar to learn how high-performing teams are:
  - Reducing vulnerability noise with reachability
  - Automating fixes with Golden Pull Requests
  - Integrating security into developer workflows
  - Improving MTTR and fix rates without impacting delivery
  Register here: https://lnkd.in/gDTj5sCm #SoftwareSupplyChain #DeveloperProductivity #AppSec #CyberSecurity
- Two events, one consistent takeaway: federal teams are under pressure to move faster, while still maintaining control across increasingly complex software environments. Great to connect with so many of you at the MPE Summit and OpenText Government Summit this week and hear how you're approaching modernization, security, and consistency across teams. If you’re exploring ways to strengthen software visibility and governance, this may be helpful: https://lnkd.in/eaWHNeKv #Cybersecurity #SoftwareSupplyChain #AppSec #SoftwareGovernance
- Anthropic’s #Mythos is a signal, not a one-off. AI-driven vulnerability discovery has moved from theory to operations, shrinking the window from discovery to weaponization and raising pressure across the software supply chain. This is a zero-trust problem. Teams need more than AI assistants — they need live software intelligence, automated policy enforcement, and controls that stop risky components before deployment. The software supply chain is now the control point. More: https://lnkd.in/gwBAWsDe #SoftwareSupplyChainSecurity #OpenSourceSecurity #AppSec #DevSecOps #AI
- Be part of building the future of DevSecOps. We’re hiring a Solution Delivery Engineer with 5+ years of experience in cloud, DevOps, and customer-facing roles. If you enjoy solving complex challenges and working at the intersection of technology and customers, this is your opportunity. Apply today: https://lnkd.in/grBVKq5d Learn more about Sonatype India: https://lnkd.in/g7wPnGEs #SonatypeIndia #Hiring #DevOps #TechJobs #HyderabadJobs
- At Sonatype India, it’s not just about what we build, it’s about how we build it together. From solving complex challenges to fostering a culture of collaboration and innovation, every moment reflects who we are. This is a glimpse of the energy, passion, and people that power our journey. Come, be a part of something bigger. Learn more about Sonatype India: https://lnkd.in/g7wPnGEs #SonatypeIndia #LifeAtSonatype #Innovation #Hyderabad
- AI innovation can’t afford supply chain risk. DCAI needed to secure thousands of open source components, fast. In weeks, they built a fully governed, scalable, and secure environment for their national AI supercomputer. The result? 100% vetted containers and innovation without friction. Read the full case study: https://lnkd.in/ggBtBijh #OpenSourceSecurity #DevSecOps #SoftwareSupplyChain #Cybersecurity