Tag Archives: oss

Did you wake up to an alert about the Java Deserialization vulnerability?

November 13, 2015 By Brian Fox

This week I woke up to find several emails from Nexus Lifecycle indicating that the products in my portfolio were potentially vulnerable due to their inclusion of Apache commons-collection. If you have no idea what I’m talking about, stop now and go read this factual and un-sensationalized account of the situation. I’ll wait.


Nigel’s Wake-up Call: Scaling Open Source Governance

November 3, 2014 By Derek Weeks

The Wake-up Call

They had downloaded over 200,000 open source components in the past year. And their open source policy…the one established to protect against license risks and security vulnerabilities? It covered about 3% of them. This is how Nigel Simpson, Director of Architecture at a major media and entertainment company, described his organization’s “huge” […]


How to Partition Nexus Repositories: Targets, Privileges, and Roles

Juven Xu

Part of my daily routine involves managing the Sonatype OSS Repository, a free, hosted Nexus Professional instance for hosting open source project repositories. There are more than 100 projects hosted on the OSS instance, and each project has at least one release repository, one snapshot repository, and one repository group. When we started offering […]
