Sonatype Unveils Full-Spectrum Software Supply Chain Management | Press Release

Damaging Linux & Mac Malware Bundled within Browserify npm Brandjack Attempt

By Ax Sharma on April 13, 2021 vulnerabilities
New malware exists in a brandjacking npm package called web-browserify that imitates the legitimate browserify component

Update to CVE-2019-7238 in Nexus Repository Manager 3

By Brent Kostak on April 12, 2021 Nexus Repository
An article was brought to our attention that suggests a new attack tactic is targeting an old vulnerability in NXRM, CVE-2019-7238. Ensure you're upgraded to the latest version.

Meet the Developers Behind Sonatype’s Automated Malware Detection System Securing Open Source Supply Chains

By Ax Sharma on April 08, 2021 vulnerabilities
Meet the principal software engineers behind Sonatype's automated malware detection system, Release Integrity.

Deep Diving into CVE-2021-22114 Spring-integration-zip Path Traversal

By Juan Aguirre on March 31, 2021 vulnerabilities
We take a deep dive into CVE-2021-22114, which is causing problems for the second time.

Netmask Flaw Leaves Millions Vulnerable While a PHP Git Server is Hacked in Software Supply Chain Attack

By Ax Sharma on March 29, 2021 vulnerabilities
2 critical software supply chain attacks were uncovered today: an improper input validation vulnerability in the npm component netmask and an attack on PHP’s Git server.

Understanding Nexus Container: 5 Technologies You Need for Full Life Cycle Container Security

By Alexander Dale on March 16, 2021 Container Security
Say hello to Nexus Container and explore the five technologies you need for full life cycle container security.

Why Sonatype is Acquiring MuseDev

By Brian Fox on March 16, 2021 Nexus Lifecycle
Today, Sonatype acquired MuseDev, a developer-first source code analysis platform, and unveiled the world’s first full-spectrum platform for strengthening cloud-native software supply chain

New in Nexus Repository 3.30: Microsoft Azure Blob Storage Support for Expanded Cloud Deployments

By Brent Kostak on March 15, 2021 Nexus Repository
We are excited to announce Azure Blob Storage support - Nexus Repository Pro users can now manage and deploy their critical infrastructure on Microsoft’s Azure Cloud Platform.