'everything' matters — why the npm package sparked controversy

By Ax Sharma on January 04, 2024 npm

4 minute read time

An npm package sparked controversy after its publication. Understand what it does and how you can safeguard yourself against such packages.

Unraveling the Struts2 security vulnerability: A deep dive

By Aaron Linskens on December 21, 2023 security vulnerabilities

6 minute read time

Learn about the critical security vulnerability in Apache Struts2 from a Sonatype webinar covering CVE-2023-50164, which carries a risk of remote code execution.

Struts2 CVE-2023-50164 by the numbers

By Ilkka Turunen on December 19, 2023 vulnerability disclosure

5 minute read time

Struts2 security vulnerability is not like Log4j, but it is similar to historic breaches and has the potential for disaster if not addressed properly.

Top 10 open source projects hit by HTTP/2 'Rapid Reset' zero-day

By Ax Sharma on October 12, 2023 vulnerability

3 minute read time

Discover ten open source packages affected by the HTTP/2 Rapid Reset vulnerability, disclosed by Cloudflare this week.

Are unnecessary vulnerabilities polluting your software supply chain?

7 minute read time

As malicious software supply chain attacks continue to evolve, so do the ways that bad actors exploit vulnerable libraries.

Why You Need a Software Bill of Materials More Than Ever

By Katie McCaskey on December 05, 2019 software bill of materials

5 minute read time

Enterprises need to know what open source components are in their software at all times. If you don't have a software bill of materials, you're already behind.

Developers, Say Goodbye to Vulnerabilities. Squash Those Bugs!

By Katie McCaskey on June 12, 2019 Nexus Lifecycle

2 minute read time

Sonatypers Jerome Gergel and Melanie Latin offer developers a set of four best practices once violations are identified in your software.

Part 2 - [ ________ ] is the Best Policy

By David Jones on August 13, 2014 open source survey

3 minute read time

In Part 1, ‘[ ________ ] is the Best Policy’, we looked at some of the common aspects of an open source policy and discussed what our recent survey discovered.

Sonatype Nexus Security Advisory

By Brian Fox on January 16, 2014 nexus pro

5 minute read time
