Sonatype Introduces Next Generation Dependency Management | Press Release

Sonatype Blog

Massive threat campaign strikes open-source repos, Sonatype spots new CursedGrabber malware

By Ax Sharma on November 16, 2020 vulnerabilities
Sonatype has discovered more malware in the npm registry, xpc.js, which has led to the discovery of a novel and large scale malware campaign leveraging the open-source ecosystem.

Open Source and Cloud Security Together at Last

By Kevin Miller on November 12, 2020 Nexus Lifecycle
Sonatype and Fugue partner to combine Open Source and Cloud Security and Compliance

Nexus Repository Helps Developers Overcome New Docker Hub Rate Limits

By Brent Kostak on November 11, 2020 Docker
Nexus as a Container Registry is a robust and completely free solution to help developers insulate themselves against any upstream rate charges from Docker Hub's new rate limit changes.

Discord.dll: successor to npm “fallguys” malware went undetected for 5 months

By Ax Sharma on November 09, 2020 vulnerabilities
Sonatype has identified a series of counterfeit components in the npm ecosystem, Discord.dll, that are similar to the malicious “fallguys” npm package discovered in Sept.

Gitpaste-12: A dozen exploits that silently lived on GitHub, attacked Linux servers

By Ax Sharma on November 08, 2020 github
Gitpaste-12, a worming botnet, is extremely versatile in its advanced capabilities as it leverages trustworthy sites like GitHub and Pastebin to host itself.

Turkish Banking Agency Mandates Better Software Supply Chain Hygiene

The Banking Regulation and Supervision Agency has introduced new standards to protect the Turkish citizenry and require banks to more aggressively protect customer data, payment information and

Trick or treat: that `twilio-npm` package is brandjacking malware in disguise!

By Ax Sharma on November 02, 2020 vulnerabilities
Sonatype’s Release Integrity, a malicious code detection service, discovers that `twilio-npm` is brandjacking malware in disguise.

Discord squashes critical Electron bugs: open source attacks continue to grow

By Ax Sharma on October 21, 2020 Nexus Lifecycle
Discord recently patched a set of critical vulnerabilities that could allow a skilled attacker to gain Remote Code Execution privileges on users’ Desktop app.

What I Learned from DevSecOps Leaders in a High Tech World

By Sara Budsock on October 16, 2020 devsecops
DevSecOps leaders from FISERV, Sirius XM, NBC Universal, OneTrust, Estée Lauder, PointClickCare, and Micro Focus share how DevSecOps adoption is adding value to their organizations.