Application Health Check: Free tool to see if you’re impacted by the Struts2

By Daniel Sauble on September 26, 2017 Nexus Lifecycle

4 minute read time

Find out in less than 5 minutes if your apps contain open source components with known vulnerabilities by using the freely downloadable Application Health Check

The Most Underutilized Policy Type in Lifecycle

By Curtis Yanko on September 22, 2017 Policies

2 minute read time

Software supply chain policies in the IQ server for architects to enforce design contracts.

GDPR Compliance? Lessons Learned from Equifax

By Matt Howard on September 22, 2017 Open Source

2 minute read time

The lesson from Equifax is simple. Cyber risk management has less to do with perimeter defense, and more to do with open source governance and app hygiene.

Nexus Repository: New Beta REST API for Content

By Michael Prescott on September 21, 2017 Nexus Repository

3 minute read time

Nexus Repository - Beta REST API

Struts2 Breach at Equifax was 100% Preventable. Here's how.

By Ilkka Turunen on September 20, 2017 Nexus Lifecycle

25 second read time

The breach at Equifax is a siren call for organizations to approach the problem of managing open source software by using automated technology.

Brian Fox: What does Sonatype do? What do I do all day?

By Brian Fox on September 15, 2017 Sonatype

1 minute read time

Many of my friends and most of my family struggle to understand what it is Sonatype does and therefore what I do all day.

Security Processes at the Apache Software Foundation (video and podcast)

By Mark Miller on September 15, 2017 Struts

1 minute read time

In our continuing series on the Struts2 vulnerability announcement and the breach at Equifax, we spoke with Mark Thomas, Director, Apache Software Foundation

Struts2 Vulnerabilities: Who Is Responsible? (Video and Podcast)

By Mark Miller on September 14, 2017 Known Vulnerabilities

1 minute read time

With the acknowledgement by Equifax this morning, we talk about who is responsible for this, the creators of the open source solutions or people who use them.

Nexus Lifecycle XC is now available

By Michelle Dufty on September 14, 2017 Nexus Lifecycle

1 minute read time

Nexus Lifecycle XC is now available

Remediation at Scale: Lessons from PayPal for the Equifax Security Team

By Derek Weeks on September 13, 2017 devsecops

2 minute read time

PayPal lessons for the Equifax security team regarding the Struts2-related breach.

Bracing for Impact in More Ways than One -- Apache Struts2 (S2-053)

By Ryan Knell on September 12, 2017 Nexus Lifecycle

5 minute read time

How one Sonatype Engineer responded to the Apache Struts2 announcement... while dealing with a hurricane bearing down on him.

Sonatype Statement: Struts2 and Equifax Breach

By Matt Howard on September 11, 2017 Open Source

2 minute read time

Organizations like Equifax that leverage open source are responsible for practicing hygiene in a timely manner when fixes for vulnerabilities are available.

Struts2 Vulnerability Cracks Equifax

By Derek Weeks on September 09, 2017 Software Supply Chain

3 minute read time

Equifax breach of 143 million consumer records linked to Struts2 open source vulnerability.

What you should know about the latest Struts2 Vulnerability (video and podcast)

By Mark Miller on September 08, 2017 OSS governance

1 minute read time

What you should know about the recent Struts 2 vulnerability announcements from September 2018.

A Struts2 Vulnerability Hurricane: Deserialization

By Derek Weeks on September 06, 2017 Struts

3 minute read time

Attackers are widely exploiting a new vulnerability in Apache Struts2 that allows them to remotely execute malicious code on web servers.

Want to Understand Software Supply Chains? Ask Red Hat

By Matt Howard on September 01, 2017 Red Hat

1 minute read time

Want to learn about automating and scaling modern software supply chains? Ask our friends at Red Hat. They know what they're talking about.