Sonatype Delivers Premium Open Source Controls to GitHub | Press Release

blog-logo Sonatype Blog

Why You Need a Software Bill of Materials More Than Ever

By Katie McCaskey on December 05, 2019 software bill of materials
Enterprises need to know what open source components are in their software at all times. If you don't have a software bill of materials, you're already behind.
Read More...

New Integration to Visual Studio Code - Nexus IQ and OSS Index

By Allen Hsieh on December 04, 2019 Nexus Lifecycle
Introducing the new Nexus IQ integration for VS Code. If you want to understand how we built it, why we built it, and the problems it solves, read on.
Read More...

Nexus Intelligence Insights: CVE-2018-16487 Lodash RCE + 'prototype' pollution

By Elisa Velarde on November 27, 2019 vulnerabilities
In this month's Nexus Intelligence Insights, we're covering CVE-2018-16487: remote code execution and 'prototype' pollution in Lodash and how to protect against a hack of this vulnerable vector.
Read More...

Take Our Survey: Microservices, Containers, and Serverless Development

By Jim Wilcox on November 27, 2019 development survey
If you are excited about microservices, containers, or serverless development, please take a moment to fill out this survey to shape the future of Nexus IQ.
Read More...

CircleCI Maven Release Orb

By Dan Rollo on November 26, 2019 Apache Maven
Building on work by Benny Bottema, this new Orb moves project increments to a new version and updates the project version to the next development.
Read More...

Nexus Lifecycle Now Integrates with Red Hat Clair to Secure Containers Across the SDLC

By Michelle Dufty on November 25, 2019 featured
Sonatype is automating container security via an open API that makes it easy for third-party container scanners to integrate with Nexus Lifecycle - starting with Red Hat Clair.
Read More...

Are You a Fool with a Tool?

By DJ Schleen on November 22, 2019 security
Buckminster Fuller cautioned against prioritizing tools. DevOps should always include discussions of culture, strategy, and process for the best outcomes.
Read More...

“This is the New Op Model” - Why State Farm Sponsored ADDO, and the Results

By Katie McCaskey on November 20, 2019 devops best practices
4,000 developers from State Farm attended this year's All Day DevOps, sponsored by Sonatype. Why did they attend, and what did they get out of it?
Read More...

Vista Acquires a Majority Interest in Sonatype: A Great Day for our Customers, Partners and Community

By Wayne Jackson and Brian Fox on November 18, 2019 featured
Sonatype is excited to share that Vista Equity Partners is acquiring a majority interest in the company - meaning our journey continues alongside a powerful new strategic partner.
Read More...