'everything' matters — why the npm package sparked controversy

By Ax Sharma on January 04, 2024 npm

4 minute read time

An npm package sparked controversy after its publication. Understand what it does and how you can safeguard yourself against such packages.

Unraveling the Struts2 security vulnerability: A deep dive

By Aaron Linskens on December 21, 2023 security vulnerabilities

6 minute read time

Learn about the critical security vulnerability in Apache Struts2 from a Sonatype webinar covering CVE-2023-50164, which carries a risk of remote code execution.

Struts2 CVE-2023-50164 by the numbers

By Ilkka Turunen on December 19, 2023 vulnerability disclosure

5 minute read time

The Struts2 security vulnerability is not like Log4j, but it is similar to historic breaches and has the potential for disaster if not addressed properly.

OpenSSF responds to CISA, advocates for a multifaceted approach to software identification

By Aaron Linskens on December 18, 2023 government

5 minute read time

OpenSSF published a response to CISA's request for comment on its white paper about software identification.

CVE-2023-50164: Another vulnerability in the widely used Apache Struts2 component

By Jeff Wayman on December 14, 2023 vulnerabilities

6 minute read time

The recent identification of CVE-2023-50164 in Apache Struts is quite similar to other vulnerabilities Sonatype has seen and covered in the past.

Decrypting the Ledger connect-kit compromise: A deep dive into the crypto drainer attack

By Ilkka Turunen on December 14, 2023 vulnerabilities

3 minute read time

Sonatype covers how Ledger, a maker of hardware wallets for storing crypto, identified malicious software embedded in one of its open source packages.

The Top 5 trends every DevOps leader needs to know for 2024

By Aaron Linskens on December 07, 2023 Development strategy

3 minute read time

Five key predictions shaping the future of software development, with insights to empower DevOps leads in navigating the evolving development landscape.

The Top 5 trends every CISO needs to know for 2024

By Nicole Lavella on December 07, 2023 CISO

3 minute read time

Five key predictions shaping the future of software development, with insights to empower CISOs in navigating the evolving development landscape.

What goes great with SLSA? Sonatype.

By Jeff Wayman on December 06, 2023 Software Supply Chain

6 minute read time

Learn about the seamless compatibility between SLSA and Sonatype products, highlighting the powerful synergy that can enhance your software security efforts.