<iframe src="//www.googletagmanager.com/ns.html?id=GTM-TT8R4P" height="0" width="0" style="display:none;visibility:hidden">

Sonatype Blog

Stay updated on the latest news from the makers of Nexus

DevSecOps: In Time for Security

Changing Mindsets.

Historically developers have prioritized functional requirements over security when building software.  While secure coding practices important, they have often fallen into secondary or tertiary requirements for teams building applications against a deadline.

DevSecOps: Slaying the Myths of Container Security

Containers are clearly appealing for companies and development teams who want to deliver and iterate on their software faster and efficiently. This is achieved through more consistent, simple and repeatable deployments, rapid rollback, and simpler ways of orchestrating and scaling distributed applications.

DevSecOps: Integrating Automated Security Controls

DevSecOps: Embracing Automation While Letting Go of Tradition

While I am all for traditions like Thanksgiving turkey and Sunday afternoon football, holding onto traditions in your professional life can be career limiting. The awesome thing about careers in technology is that you constantly have to be on your front foot.  Because when you’re not, someone, somewhere, will be and when you meet them, they’ll win.

Sonatype on Federal News Radio

Listen to Matt Howard, Executive Vice President and Chief Marketing Officer at Sonatype, on Federal News Radio as he discusses the demand for quality open source components. 

Listen Now

Apache Struts Vulnerability: Live Updates

 

Update: 2:33 pm EST, 16 March 2017 - Struts2 Exploits in Japan

 
More Struts2 breaches in the wild.  This time in Japan (links go to Japanese sites):
 
  • Japan Post breach using Apache Struts2 vulnerability leads to 29,000 account leaks: http://exci.to/2mqMAwU 
  • Struts2 exploit of Okinawa electric power site leads to unauthorized access, email addresses outflow of about 6,500 accounts http://dlvr.it/Ndv4XY
Yesterday, it was the Canadian Revenue Agency and Statistics Canada site:
 
According to several news reports, the government of Canada took multiple sites down on March 9 including Statistics Canada as well as the Canada Revenue Agency (CRA) websites, with service not restored until March 12.
 
 

Update: 11:00am EST, 16 March 2017 - Podcast interview

Listen to Brian Fox and Shannon Lietz talk about the struts 2 vulnerabiy announcement, how you can determine if you're affected, and what you can do about it.

 

Update: 9:00am EST, 13 March 2017 - Video explaining exploits and remediation

 

Update:  3:00pm EST, 10 March 2017 - Speed Matters

When it comes to 0-day vulnerabilitities, speed matters.  Sonatype's research team curates our data and publishes information on the vulnerability, known exploits, and remediation paths as quickly as possible.

As of 3:00pm EST, the National Vulnerability Database indicates a pending CVE, but details have not yet been updated.  

Setting up a Docker Private Registry with Authentication Using Nexus and Nginx

This article shows how you can set up a Docker Private Registry with authentication and SSL using Nexus Repository OSS.

Nexus Repository OSS is a universal repository manager with support for all major package formats and types. It’s a free solution for storing and sharing Docker images and other components like NuGet or NPM packages across the deployment pipeline while keeping your proprietary and third-party images private and secure.