Beyond npm Audit to Traverse an Increasingly Complex Dependency Tree

By Mike Hoskins on March 04, 2020 npm

5 minute read time

Building good hygiene habits as part of our development practice helps the community at large. Here's how to use Nexus Repository OSS as part of it.

Gartner: You Must Assess Overall Software Health and Welfare

By Katie McCaskey on February 24, 2020 Gartner

4 minute read time

Gartner reports that mature organizations are expanding open-source management to include health assessment by default.

Nexus Lifecycle Now Integrates with Azure DevOps to Secure Software Supply Chains in the Cloud

By Michelle Dufty on October 11, 2019 Nexus Lifecycle

2 minute read time

The Nexus IQ Extension for Azure DevOps scans builds to identify open source security, license, or quality policy violations.

Alexa: What’s the Future of Cyber Security?

By Katie McCaskey on May 02, 2019 devsecops

5 minute read time

The software supply chain connects everyone and everything, but attacks on this connected web can be blatant and overt, with damaging consequences - especially.

Who Cares if Supermicro Happened. Supply Chain Attacks are Real and It’s Time to Pay Attention

3 minute read time

Technology supply chain attacks are happening in the wild, and whether or not the Supermicro story is real, it should be a wake-up call for all of us.

Fooled twice by the same open source problem? Shame on you. The data behind CVE-2017-8046.

By Brian Fox on March 07, 2018 known vulnerability

2 minute read time

Organizations keep software applications safe, not by chance, but by preparation.

Sonatype Statement: Struts2 and Equifax Breach

By Matt Howard on September 11, 2017 Open Source

2 minute read time

Organizations like Equifax that leverage open source are responsible for practicing hygiene in a timely manner when fixes for vulnerabilities are available.