Sonatype Blog

How to Easily Identify Conda Vulnerabilities Using Sonatype Jake

By Aditya Khanduri on February 20, 2020 Everything Open Source
Jake, a free tool, identifies vulnerabilities in a Conda environment. It's simple to use, saves time, and empowers you to develop Python projects faster.

Helm & Nexus: Steering Towards Faster Deployments in Nexus 3.21

By Brent Kostak on February 19, 2020 The Central Repository
Nexus Repository 3.21 now supports Helm, P2, and NuGet V3 proxy repositories to enhance container automation and provide faster deployments.

Larry Maccherone Says Pixie Dust Security is an Epic Failure [VIDEO]

By Mark Miller on February 18, 2020 AppSec
A fundamental DevSecOps failure, according to Comcast's Larry Maccherone, is believing that a sprinkle of pixie dust makes a completed application secure.

What Does the New CVSS 3.1 Scoring Model Mean for Enterprise Security?

By Akshay 'Ax' Sharma on February 17, 2020 vulnerabilities
Learn how CVSS 3.1 is different from earlier versions and why changes to this security rating matter.

Get the Latest DevSecOps Reference Architecture

By DJ Schleen on February 13, 2020 reference architecture
Based on community feedback, the 2020 DevSecOps Reference Architecture now includes continuous education, mobile delivery, and rearrangement of controls.

Nexus Intelligence Insights CVE-2020-2100: Jenkins - UDP Amplification Reflection Attack Leading to Distributed Denial of Service (DDoS)

By Akshay 'Ax' Sharma on February 12, 2020 vulnerabilities
CVE-2020-2100 takes advantage of the fact that, by default, both UDP multicast/broadcast and DNS multicast traffic are enabled on Jenkins. Here's what to do.

The “Big Hack” That Actually Happened - Chinese Military Implicated in Equifax Breach

By Matt Howard on February 11, 2020 vulnerabilities
Members of the Chinese Military were implicated in the attack on Equifax's software supply chain. It's time to take software supply chain hygiene seriously.

How to Publish Java Artifacts to Nexus Using Jenkins and Maven

By Daniel Hernández on February 07, 2020 Nexus Repository
In this article we are going to explore how you can publish Java artifacts (.ear, .jar, .war) to Nexus 3 using Jenkins and Maven.

Anatomy of a Continuous Delivery Pipeline

By Peter Morlion on February 04, 2020 continuous deployment
Kamalika Majumder explains the anatomy of a continuous delivery pipeline, its benefits, and five key principles to shape and refine it.