Sonatype Unveils Full-Spectrum Software Supply Chain Management | Press Release

Onboarding Nexus Lifecycle Through SCM

By Kevin Miller on April 22, 2021 Nexus Lifecycle
We're simplifying the Nexus Lifecycle onboarding process, and making it easy to quickly onboard apps from a source control repository such as GitHub, GitLab, and Bitbucket.

How We're Staying Connected with Our Channel Partners in a Virtual World

By Ashleigh Auld on April 22, 2021 featured
As part of our channel partner kickoff, we asked partners to share part of their country's culture in video, to bring us all a little closer in today's virtual world.

What You Need to Know about the Codecov Incident: A Supply Chain Attack Gone Undetected for 2 Months

By Ax Sharma on April 19, 2021 vulnerabilities
A new software supply chain attack on software testing firm Codecov highlights why developers need to take an active role in protecting their systems.

Damaging Linux & Mac Malware Bundled within Browserify npm Brandjack Attempt

By Ax Sharma on April 13, 2021 vulnerabilities
New malware exists in a brandjacking npm package called web-browserify that imitates the legitimate browserify component.

Update to CVE-2019-7238 in Nexus Repository Manager 3

By Brent Kostak on April 12, 2021 Nexus Repository
An article was brought to our attention that suggests a new attack tactic is targeting an old vulnerability in NXRM, CVE-2019-7238. Ensure you're upgraded to the latest version.

Meet the Developers Behind Sonatype’s Automated Malware Detection System Securing Open Source Supply Chains

By Ax Sharma on April 08, 2021 vulnerabilities
Meet the principal software engineers behind Sonatype's automated malware detection system, Release Integrity.

Deep Diving into CVE-2021-22114 Spring-integration-zip Path Traversal

By Juan Aguirre on March 31, 2021 vulnerabilities
We take a deep dive into CVE-2021-22114, which is causing problems for the second time.

Netmask Flaw Leaves Millions Vulnerable While a PHP Git Server is Hacked in Software Supply Chain Attack

By Ax Sharma on March 29, 2021 vulnerabilities
2 critical software supply chain attacks were uncovered today. An improper input validation vulnerability in the npm component netmask and an attack on PHP’s Git server.