Senior Full Stack Software Engineer

Red Hat introduces Project Hummingbird. Red Hat announced Project Hummingbird, an early access program for Red Hat subscription customers that provides a catalog of minimal, hardened container images. Project Hummingbird is designed to help IT organizations address the constantly growing demand for better software with minimal attack surfaces, delivered more swiftly without compromising production security. Project Hummingbird addresses the dueling needs of speed and risk mitigation with a catalog of tested, micro-sized container images stripped of non-essential components, including: By offering these leaner, production-ready images, Project Hummingbird intends to reduce the time and effort spent on package integration and vulnerability management, freeing up resources to focus on faster, more effective innovation. - "Zero-CVE" status, meaning that Project Hummingbird images are shipped free of known vulnerabilities with functionality testing already completed, confirming that the images are also genuinely useful and stable. - Full production support will be available to subscription customers when Project Hummingbird is released for general availability. This delivers the full extent of a Red Hat subscription, providing access to Red Hat's hardened, documented software supply chain and deep enterprise expertise. Additionally, unsupported Project Hummingbird images will be freely available and redistributable at general availability, alongside following a similar model to other Red Hat offerings including Red Hat Universal Base Image (UBI). Project Hummingbird is built using the open source development process, originating from Fedora Linux components. Fedora Linux serves as the upstream source for Red Hat Enterprise Linux development. Red Hat announced Project Hummingbird, an early access program for Red Hat subscription customers that provides a catalog of minimal, hardened container images. Sonatype announced the launch of Nexus One, a single, agentic software supply chain infrastructure unifying open source intelligence, governance, and automation across enterprise software development. Progress Software announced its SaaS Retrieval-Augmented Generation (RAG) platform, Progress(R) Agentic RAG, is now available in AWS Marketplace, a digital catalog that helps customers find, buy, deploy and manage software, data products and professional services from thousands of vendors. Parasoft(link is external) announced a significant leap forward in autonomous software quality with its latest 2025.2 releases of Jtest and dotTEST. CloudBees announced the launch of the Unify AI Design Partner (AIDP) program. noBGP announced the launch of pi GPT, a custom GPT for OpenAI's ChatGPT that allows users to bring their Raspberry Pi devices into the vibe coding ecosystem. Postman announced its acquisition of liblab, a platform for developers that automates the generation and maintenance of Software Development Kits (SDKs). JFrog announced an expansion of its AI governance capabilities within the JFrog Software Supply Chain Platform with the introduction of Shadow AI Detection. Red Hat introduced the general availability of Red Hat Enterprise Linux 10.1 and 9.7, building on the innovations of Red Hat Enterprise Linux 10 for a more intelligent and future-ready computing foundation. Solo.io announced the launch of agentregistry, a centralized, trusted, and curated open source registry for AI applications and artifacts. Red Hat announced the general availability of Red Hat OpenShift 4.20, the latest version of the hybrid cloud application platform powered by Kubernetes. The Cloud Native Computing Foundation(R)(CNCF(R), which builds sustainable ecosystems for cloud native software, announced a major new release of Helm, coinciding with the project's 10th anniversary. Mirantis announced the latest release of Mirantis k0rdent Enterprise, with Mirantis k0rdent Virtualization - enabling workloads to run with cloud-native applications and traditional virtualized workloads. Couchbase announced significant advancements to the Couchbase Mobile platform, which makes it possible to run AI-powered applications on devices operating at the disconnected edge. Legit Security announced VibeGuard, a solution designed to secure AI-generated code at the moment of creation and to secure coding agents.

Sonatype partners with Vertosoft to strengthen public sector software supply chain security. Sonatype has named Vertosoft its new value-added distributor to expand public sector access to secure software development and supply chain management tools through Vertosoft's government contract portfolio and partner network. The partnership comes amid the artificial intelligence era, where the technology becomes central to software engineering, according to a Vertosoft press release. The growing focus on responsible and secure AI adoption will take center stage at the Potomac Officers Club's 2026 Artificial Intelligence Summit on March 19, where federal and industry leaders will discuss how machine learning, automation and software assurance are transforming government operations. The event will bring together practitioners from across defense, civilian and tech sectors to explore practical strategies for building trustworthy AI systems and resilient digital supply chains. Register now to join the discussion shaping the future of AI in the public sector. "AI is redefining how agencies build, test, and deploy software," said Antoine Harden, regional vice president of federal sales at Sonatype. "Together, Sonatype and Vertosoft are enabling government developers to harness AI responsibly - embedding automation, security, and compliance directly into the software development lifecycle." What does the Sonatype Vertosoft partnership cover? Vertosoft will distribute Sonatype's full product suite, including its software bill of materials management platform, open-source malware detection tools and dependency governance tools. These capabilities are tailored to meet federal compliance and security requirements and to address rising threats within open-source ecosystems. "Our partnership with Sonatype marks a pivotal step in strengthening software supply chain security across the public sector," said Josh Slattery, vice president of technology sales at Vertosoft. "By combining Sonatype's industry-leading platform with Vertosoft's deep public sector expertise, we're enabling agencies to proactively manage risk, ensure compliance, and accelerate innovation with confidence."

Sonatype launches nexus repository cloud for the gen AI era. World's most trusted binary artifact manager now available as a cloud-native, fully managed saas offering with built-in malware protection. Fulton, md. - october 8, 2025 - sonatype(r), the leader in ai-centric devsecops, today announced the launch of nexus repository available in the cloud, the fully managed saas version of its industry-leading artifact repository manager. Built for modern software delivery and the speed of the gen ai-powered SDLC, nexus repository cloud empowers developers and devops teams to build, release, and deploy applications at enterprise scale - with zero maintenance and built-in protection against malicious open source. Trusted by 70% of the fortune 100 and more than 15 million developers worldwide, nexus repository has long been the backbone of enterprise software development. As more enterprises implement AI into their development processes, the need for reliable, scalable, and secure artifact management in the cloud has never been greater. Sonatype research estimates 50% of unprotected repositories have already cached open source malware, putting enterprises at risk when developers pull dependencies directly into production pipelines. "In today's gen AI era, enterprises need more than just another cloud repository - they need one that's inherently intelligent and secure," said mitchell johnson, chief product development officer at sonatype. "Because sonatype uniquely combines deep open source intelligence with artifact management, nexus repository is the industry's first and only secure binary artifact repository. With the launch of nexus repository cloud, enterprises can now choose a fully managed saas option to run at enterprise speed and scale, without ever trading off security for productivity." Nexus repository cloud brings all the power of the industry's most trusted repository into a cloud-native, fully managed service with: * enterprise speed and scale: cloud-native elasticity ensures performance never becomes a bottleneck. * zero maintenance: fully managed saas eliminates upgrades, patches, and downtime overhead. * ai-era artifact management: A central system of record for modern artifacts, from open source packages to AI/ML models. * malware protection: powered by sonatype's unmatched open source intelligence and repository firewall, automatically blocking open source malware. * developer-first experience: fast performance, simple onboarding, and the same trusted workflows developers already use. "As we accelerate our cloud-first strategy at sonatype, i'm excited to see our flagship nexus repository solution move to the cloud - a key step as we continue to shape the future of secure software development," said bhagwat swaroop, chief executive officer at sonatype. "By delivering our most trusted repository manager as a fully managed service, we're helping enterprises scale with confidence, simplify operations, and give developers the modern foundation they need to thrive in the AI era." Available on the sonatype website or on AWS marketplace, nexus repository gives teams the flexibility to build and scale globally. For more information on sonatype nexus repository, visit www.sonatype.com/products/sonatype-nexus-repository. About sonatype sonatype is the leader in ai-centric devsecops. As the maintainers of maven central and creators of nexus repository, sonatype has spent two decades pioneering how the world manages and secures open source software - making sonatype the trusted authority for modern software supply chains. With unmatched open source visibility and a unified product suite built for modern software development, sonatype gives enterprises the intelligence and automated governance they need to harness the full potential of open source and AI. Sonatype handles the complexity behind the scenes: guiding component and model selection, blocking harmful malicious code, automating dependency and vulnerability management, and ensuring faster, more reliable builds - so developers spend more time on innovation and less time on remediation and rework. Trusted by more than 15 million developers, sonatype helps power secure, modern software development at nearly 2,000 global organizations including 70% of the fortune 100. To learn more about sonatype, please visit www.sonatype.com.