Sonatype Unveils Full-Spectrum Software Supply Chain Management | Press Release

Azure DevOps Integration Now Available for Nexus Lifecycle

By Kevin Miller on September 23, 2021
In addition to our existing integration with the GitHub, GitLab, and Bitbucket services, Nexus Lifecycle now integrates into Azure DevOps.

$3 Million Cryptocurrency Heist Stemmed from a Malicious GitHub Commit

By Ax Sharma on September 20, 2021 vulnerabilities
Cryptocurrency site loses funds after supply chain attack. A look at what happened, this time due to poor Git security policy.

OMIGOD! Microsoft Secretly Installed an Open Source Agent with Critical Vulnerabilities on Thousands of Linux VMs

By Ax Sharma on September 17, 2021 vulnerabilities
Microsoft released patches for critical vulnerabilities in its Open Management Infrastructure (OMI) software agent which had been silently installed on Azure Linux VMs.

The People Behind Sonatype: Sue Jasmin

By Sue Jasmin on September 16, 2021 News and Views
The Director of Agile Coaching at Sonatype, Sue narrated her journey through various industries, and what brought her to Sonatype.

2021 State of the Software Supply Chain: Open Source Security and Dependency Management Take Center Stage

As Open Source Continues to Fuel Digital Transformation, Sonatype's 2021 Software Supply Chain Report Reveals Important Trends

Cyber Mayhem - Attackers Actively Exploit Vulnerable Confluence Servers, while 500,000 Fortinet VPNs See Passwords Leaked

By Ax Sharma on September 13, 2021 vulnerabilities
Last week severe zero-days in Atlassian Confluence, Fortinet devices, and Microsoft Office all needed patching following active exploits.

Forrester Recognizes Sonatype as a Leader in Software Composition Analysis

By Brent Kostak on September 10, 2021 Forrester
Sonatype recognized as a leader in 2021 Forrester Wave on SCA with the strongest market presence and top policy management criterion.

Sonatype Now ISO 27001 Certified

By Michael Griffin on September 08, 2021
Sonatype leverages an internationally recognized credential to help protect customer and supplier data and show our commitment to supply chain security.

From Feature to Vulnerability: a spring-security-oauth2-client Story

By Juan Aguirre on August 27, 2021 vulnerabilities
Taking a deeper dive into a Spring vulnerability and understanding how lack of control over resources can lead to a DoS (Denial of Service).