This Week in Malware - 135 Packages Target npm and PyPI Registries

By Aaron Linskens on September 30, 2022 vulnerabilities

3 minute read time

This week in malware, we discovered and analyzed 135 packages flagged as malicious, suspicious, or dependency confusion attacks in npm and PyPI registries.

Despite What Some Vendors Say, Please Don’t Ignore Log4j

By Stephen Magill on September 26, 2022 Nexus Lifecycle

5 minute read time

Ignoring Log4j and recommending that high-risk open source vulnerabilities be left in application code isn't just irresponsible, it's dangerous.

This Week in Malware - Over Five Dozen More Packages Discovered

By Aaron Linskens on September 23, 2022 vulnerabilities

2 minute read time

This week in malware, we discovered and analyzed over five dozen packages flagged as malicious, suspicious, or dependency confusion attacks.

Wicked Good Development Episode 15: Russ Eling Talks Founding OSS Consultants and Open Source Compliance

By Kadi Grigg on September 22, 2022 Community

22 minute read time

Russ Eling, Founder & CEO of OSS Consultants, joins Kadi Grigg and A.J. Brown to discuss how his tenure at General Motors led to founding OSS Consultants.

How You Can Manage and Eliminate Technical Debt

7 minute read time

Understanding technical debt is critical to better understanding, and securing, your software supply chain.

Celebrating Sonatypers

By Savanna Hajdasz on September 20, 2022 Sonatype culture/awards

3 minute read time

The Values Champion initiative is a peer-nominated, peer-selected program that celebrates employees who holistically live up to Sonatype’s Core Values.

Arming the Defender Force and Securing the Software Supply Chain: Helping Developers Implement CISA Best Practices - Part 1

By Eric Hill on September 19, 2022 Nexus Lifecycle

4 minute read time

Sonatype's Nexus Platform helps give DevSecOps practitioners the tools they need to help secure the software supply chain against malicious cyber attacks.

This Week in Malware - Almost 100 Packages

By Aaron Linskens on September 16, 2022 vulnerabilities

2 minute read time

This week in malware, Sonatype discovered and analyzed over seven dozen packages flagged as malicious, suspicious, or dependency confusion attacks.

Being the 'B' in LGBTQIA+

By John Kruger on September 16, 2022 News and Views

2 minute read time

September 16-23rd is Bisexual Awareness Week (#BiWeek) and Sonatype's Senior Technical Support Engineer, John Kruger, talks about what it's like to be bi.