26% Acknowledge a Web Application Breach in 2019

By Derek Weeks on February 12, 2019 OSS governance

3 minute read time

Following news that a hacker breached 16 sites via security vulnerabilities within web applications, we're sharing new insight from the 2019 DevSecOps.
Read More...

Equifax was 100% preventable -- But 18,000 others at risk

By Derek Weeks on December 17, 2018 vulnerabilities

2 minute read time

Karpovich reflected on findings from the House report that the breach at Equifax was 100% preventable -- as the vulnerability at the root of the breach was one.
Read More...

Policy Governance Made Easy - Introducing the Nexus Notifier Plugin for Bitbucket

By Justin Young on September 04, 2018 Nexus Lifecycle

2 minute read time

We’re excited to announce the Sonatype Nexus Notifier Plugin for Jenkins now has initial support for Bitbucket Code Insights.
Read More...

The Hijacking of a Known GitHub ID: go-bindata

By Brian Fox on February 07, 2018 Software Supply Chain

2 minute read time

the creator of go-bindata deleted their @github account and someone else created a new account under the same name
Read More...

The Power of Data in DevSecOps

By Derek Weeks on January 28, 2018 OSS governance

2 minute read time

Better data improves mean times to repair in DevSecOps pipelines.
Read More...

Struts2 Vulnerability Cracks Equifax

By Derek Weeks on September 09, 2017 Software Supply Chain

3 minute read time

Equifax breach of 143 million consumer records linked to Struts2 open source vulnerability.
Read More...

What you should know about the latest Struts2 Vulnerability (video and podcast)

By Mark Miller on September 08, 2017 OSS governance

1 minute read time

What you should know about the recent struts 2 vulnerability announcements from September 2018
Read More...

Automated Enforcement: The Not So Subtle Difference Between Sonatype Nexus and Everyone Else

By Matt Howard on June 15, 2017 OSS governance

3 minute read time

Only Sonatype delivers open source intelligence that is precise enough to enable automated enforcement of policies across every phase of the DevOps pipeline.
Read More...

Nexus Firewall Grows with Support for PyPI

By Jamie Whitehouse on April 19, 2017 Nexus Firewall

4 minute read time

Sonatype’s Nexus Firewall enables development teams to evaluate every PyPI package they download from public repositories for license, security, & other risks
Read More...