Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

npm packages caught exfiltrating Kubernetes config, SSH keys

By Ax Sharma on September 19, 2023 npm

4 minute read time

Sonatype tracks an ongoing campaign that uses npm packages to retrieve and exfiltrate Kubernetes configuration and SSH keys to an external server

Read More...

New npm PoC packages target PayPal Zettle, Airbnb developers

By Ax Sharma on September 12, 2023 npm

4 minute read time

Sonatype identified npm packages that exploit dependency confusion, named after internal dependencies purportedly used by PayPal Zettle and Airbnb

Read More...

Unlocking the power of generative AI in software development: Insights from Sonatype's survey

By Aaron Linskens on September 12, 2023 Software Supply Chain

4 minute read time

Explore the influence of generative AI in software development via the results of Sonatype's recent survey involving 400 DevOps and 400 SecOps leaders

Read More...

How to navigate DevOps principles: Analyzing Shift Left and Secure Right

By Aaron Linskens on September 06, 2023 shift left

5 minute read time

Explore Shift Left and Secure Right, what are their core principles to achieve high-quality, secure software and how they align with DevOps and DevSecOps

Read More...

A guide for open source software (OSS) security

By Aaron Linskens on August 28, 2023 secure software supply chain

6 minute read time

Evaluate open source software (OSS) security to ensure safe usage of software components in software development life cycles and software supply chains

Read More...

Enhancing software supply chain security: New Sonatype product capabilities

By Tara Flynn Condon on August 21, 2023 News and Views

3 minute read time

Sonatype announces the latest enhancements for Sonatype Repository Firewall, Sonatype Nexus Repository, and Sonatype Lifecycle.

Read More...

Malicious PyPI package ‘VMConnect’ imitates VMware vSphere connector module

By Ax Sharma on August 03, 2023 Open Source

3 minute read time

A malicious PyPI package ‘VMConnect’ designed to resemble VMware vSphere Connector Module was caught by Sonatype’s automated malware detection systems

Read More...

Getting started with the Secure Software Development Framework (SSDF)

By Aaron Linskens on July 27, 2023 Software Supply Chain

6 minute read time

Discover how to get started with the Secure Software Development Framework (SSDF), what it contains, and why should you leverage it

Read More...

How to use Repository Health Check 2.0

By Sonatype on July 21, 2023 repository health check

3 minute read time

How to install RHC 2.0 in the Sonatype Nexus Repository.

Read More...

Previous Next

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

npm packages caught exfiltrating Kubernetes config, SSH keys

New npm PoC packages target PayPal Zettle, Airbnb developers

Unlocking the power of generative AI in software development: Insights from Sonatype's survey

How to navigate DevOps principles: Analyzing Shift Left and Secure Right

A guide for open source software (OSS) security

Enhancing software supply chain security: New Sonatype product capabilities

Malicious PyPI package ‘VMConnect’ imitates VMware vSphere connector module

Getting started with the Secure Software Development Framework (SSDF)

How to use Repository Health Check 2.0

Secure your software supply chain

Subscribe for all the latest software security news and events