
Sonatype Blog

What Does the New CVSS 3.1 Scoring Model Mean for Enterprise Security?

By Akshay 'Ax' Sharma on February 17, 2020 vulnerabilities
Learn how CVSS 3.1 is different from earlier versions and why changes to this security rating matter.

Get the Latest DevSecOps Reference Architecture

By DJ Schleen on February 13, 2020 reference architecture
Based on community feedback, the 2020 DevSecOps Reference Architecture now includes continuous education, mobile delivery, and rearrangement of controls.

Nexus Intelligence Insights CVE-2020-2100: Jenkins - UDP Amplification Reflection Attack Leading to Distributed Denial of Service (DDoS)

By Akshay 'Ax' Sharma on February 12, 2020 vulnerabilities
CVE-2020-2100 takes advantage of the fact that, by default, both UDP multicast/broadcast and DNS multicast traffic are enabled on Jenkins. Here's what to do.

The “Big Hack” That Actually Happened - Chinese Military Implicated in Equifax Breach

By Matt Howard on February 11, 2020 vulnerabilities
Members of the Chinese Military were implicated in the attack on Equifax's software supply chain. It's time to take software supply chain hygiene seriously.

How to Publish Java Artifacts to Nexus Using Jenkins and Maven

By Daniel Hernández on February 07, 2020 Nexus Repository
In this article we are going to explore how you can publish Java artifacts (.ear, .jar, .war) to Nexus 3 using Jenkins and Maven.

Anatomy of a Continuous Delivery Pipeline

By Peter Morlion on February 04, 2020 continuous deployment
Kamalika Majumder explains the anatomy of a continuous delivery pipeline, its benefits, and five key principles to shape and refine it.

Why Do I Need a Binary Repository Manager?

By Ember DeBoer on January 30, 2020 repository manager
Binary repository managers serve a couple of important functions as part of a modern software development lifecycle. This post explores several benefits.

Three DevSecOps Lessons Drawn from Conversations with 45 CISOs

By Matt Howard on January 29, 2020 CISO
CISOs reduce risk and significantly improve an organization's IT security posture by shifting more resources to the beginning of the digital supply chain.

How Do Application-Level Package Managers Work?

By Ember DeBoer on January 23, 2020 repository manager
Managing dependencies is a complex task. As Sam Boyer explains, “It’s not the algorithmic side that makes [application-level package managers] hard.”