
Sonatype Blog

Extreme Endurance Required

By Katie McCaskey on July 19, 2019 News and Views
Sonatyper Mark Dodgson will test his physical limits and mental toughness participating in an athletic event that is 10x an Ironman, a first for the UK.

DevOps at the US Patent and Trademark Office

The US Patent and Trademark Office's Fee Processing Next Generation (FPNG) is an example of a government agency moving to a DevOps development environment.

A World of Infinite Choice in Open Source Software

The 2019 Software Supply Chain Report explains the development environment we're all living in and what we can learn from exemplar dev teams.

Nexus Intelligence Insights: CVE-2019-13354: 'strong_password' embedded malicious code, RubyGems

By Elisa Velarde on July 10, 2019 vulnerabilities
In this month's Nexus Intelligence Insights, we're covering CVE-2019-13354: strong_password, an embedded malicious code vulnerability in RubyGems.

GDPR Gets Teeth: British Airways and Marriott Fined

By Ilkka Turunen on July 09, 2019 devsecops
Fines levied at British Airways and Marriott International under GDPR show why data protection must be a central part of the software supply chain.

Developers, Rejoice: Auto-Remediation Now Available in Eclipse, IntelliJ, and Visual Studio

By Sonal Thawani on July 08, 2019 Nexus Lifecycle
Auto-remediation makes it even easier to choose the best component right within an IDE. The CIP now automatically suggests the compliant version.

Repository Management: An Easy Way to Minimize Risk

By Katie McCaskey on July 05, 2019 repository manager
Mykel Alvis (@mykelalvis) of Array Consulting urges developers to use a caching, and preferably security-scanning, artifact repository. Here's why.

Anonymous Access In Nexus Repository is Not A Zero-Day Vulnerability

By Brian Fox on July 02, 2019 Nexus Repository
A researcher contacted us about an issue in Nexus Repository, stemming from user access settings. This was not a zero day, but a product feature UX change, to make it easier to be more secure - we

New Cloud-Native CI/CD Projects OpenShift Pipelines and Tekton

By Katie McCaskey on July 01, 2019 devsecops
Siamak Sadeghianfar of Red Hat explains how the open source projects Tekton and OpenShift support cloud-native CI/CD projects.