Sonatype Selected by Equifax to Support OS Governance Press Release

blog-logo Sonatype Blog

A World of Infinite Choice in Open Source Software

The 2019 Software Supply Chain Report explains the development environment we're all living in and what we can learn from exemplar dev teams.
Read More...

Nexus Intelligence Insights: CVE-2019-13354: 'strong_password' embedded malicious code, RubyGems

By Elisa Velarde on July 10, 2019 vulnerabilities
In this month's Nexus Intelligence Insights, we're covering CVE-2019-13354: strong_password, an embedded malicious code vulnerability in RubyGems.
Read More...

GDPR Gets Teeth: British Airways and Marriott Fined

By Ilkka Turunen on July 09, 2019 devsecops
Fines levied at British Airways and Marriott International under GDPR show why data protection must be a central part of the software supply chain.
Read More...

Developers, Rejoice: Auto-Remediation Now Available in Eclipse, IntelliJ, and Visual Studio

By Sonal Thawani on July 08, 2019 Nexus Lifecycle
Auto-remediation makes it even easier to choose the best component right within an IDE. The CIP now automatically suggests the compliant version.
Read More...

Repository Management: An Easy Way to Minimize Risk

By Katie McCaskey on July 05, 2019 repository manager
Mykel Alvis (@mykelalvis) of Array Consulting urges developers to use a caching, and preferably security-scanning, artifact repository. Here's why.
Read More...

Anonymous Access In Nexus Repository is Not A Zero-Day Vulnerability

By Brian Fox on July 02, 2019 Nexus Repository
A researcher contacted us about an issue in Nexus Repository, stemming from user access settings. This was not a zero day, but a product feature UX change, to make it easier to be more secure - we
Read More...

New Cloud-Native CI/CD Projects OpenShift Pipelines and Tekton

By Katie McCaskey on July 01, 2019 devsecops
Siamak Sadeghianfar of RedHat explains how the open source projects Tekton and OpenShift support cloud-native CI/CD projects.
Read More...

Nexus Intelligence Insights: CVE-2018-1109-Braces Regular expression Denial of Service (ReDoS) attack

By Elisa Velarde on June 28, 2019 vulnerabilities
In this month's Nexus Intelligence Insights, we're analyzing the mechanics of the braces regular expression denial of service attack - and what you can do to stop it.
Read More...

Developers: We Must Evolve

By Derek Weeks on June 28, 2019 Devops
Chris Roberts of Attivo Networks sees many trends colliding that will require developers to adopt DevSecOps practices - now!
Read More...