Sonatype Delivers Premium Open Source Controls to GitHub | Press Release

Sonatype Blog

Gartner: Mitigate Risk By Hardening the Software Supply Chain

By Katie McCaskey on December 12, 2019 Sonatype Nexus
As Gartner explains, the key to mitigating open source risk is a hardened software supply chain. But where do you start?

Nexus Innovator: Jasmine James of Delta

By Katie McCaskey on December 11, 2019 Nexus Platform
Jasmine James of Delta Airlines explains how she discovered Sonatype Nexus and how it's played a role in her career.

Why You Need a Software Bill of Materials More Than Ever

By Katie McCaskey on December 05, 2019 software bill of materials
Enterprises need to know what open source components are in their software at all times. If you don't have a software bill of materials, you're already behind.

New Integration to Visual Studio Code - Nexus IQ and OSS Index

By Allen Hsieh on December 04, 2019 Nexus Lifecycle
Introducing the new Nexus IQ integration for VS Code. If you want to understand how we built it, why we built it, and the problems it solves, read on.

Nexus Intelligence Insights: CVE-2018-16487 Lodash RCE + 'prototype' pollution

By Elisa Velarde on November 27, 2019 vulnerabilities
In this month's Nexus Intelligence Insights, we're covering CVE-2018-16487: remote code execution and 'prototype' pollution in Lodash and how to protect against a hack of this vulnerable vector.

Take Our Survey: Microservices, Containers, and Serverless Development

By Jim Wilcox on November 27, 2019 development survey
If you are excited about microservices, containers, or serverless development, please take a moment to fill out this survey to shape the future of Nexus IQ.

CircleCI Maven Release Orb

By Dan Rollo on November 26, 2019 Apache Maven
Building on work by Benny Bottema, this new Orb moves project increments to a new version and updates the project version to the next development.

Nexus Lifecycle Now Integrates with Red Hat Clair to Secure Containers Across the SDLC

By Michelle Dufty on November 25, 2019 featured
Sonatype is automating container security via an open API that makes it easy for third-party container scanners to integrate with Nexus Lifecycle - starting with Red Hat Clair.

Are You a Fool with a Tool?

By DJ Schleen on November 22, 2019 security
Buckminster Fuller cautioned against prioritizing tools. DevOps should always include discussions of culture, strategy, and process for the best outcomes.