Sonatype Introduces Next Generation Dependency Management | Press Release

blog-logo Sonatype Blog

Sonatype Stops Software Supply Chain Attack Aimed at the Java Developer Community

Sonatype removed 3 malicious open-source Java components from Maven Central targeting popular software releases, stopping a software supply chain attack.
Read More...

Does the SolarWinds’ Orion Security Advisory Impact Sonatype’s Product?

By Michael Griffin on December 23, 2020 News and Views
Sonatype is continuing to monitor the SolarWinds situation and our investigation is ongoing, but we can confirm that we do not use the SolarWinds Orion platform nor have we found any evidence of the
Read More...

The SolarWinds Software Supply Chain Attack: How Developers Can Protect Applications

By Derek Weeks on December 22, 2020 vulnerabilities
The SolarWinds software supply chain attack has made it clear that open source developers need to act now and intelligently manage third party dependencies to protect their apps.
Read More...

2 New RubyGems laced with cryptocurrency stealing malware taken down

By Ax Sharma on December 16, 2020 vulnerabilities
RubyGems removed 2 gems from its repo that contained malicious code. When run, it infected Windows machines and replaced any cryptocurrency wallet address it found on the user’s clipboard with the
Read More...

Breaching the U.S. Government through software supply chains: tracing the SolarWinds exploit upstream

By Ax Sharma on December 14, 2020 features
The U.S. Government and FireEye experienced breaches due malicious software code injected upstream in the software supply chain of of their vendor, SolarWinds, where it would then flow downstream
Read More...

Nexus Repository & Microsoft NuGet Gallery: OData Changes for NuGet V2

By Brent Kostak on December 10, 2020 Nuget
Following Microsoft's announced changes to the NuGet Gallery, and the depreciation of OData, see details on how Nexus Repository users can avoid V2 protocol errors by upgrading to NuGet V3.
Read More...

There’s a RAT in my code: new npm malware with Bladabindi trojan spotted

By Ax Sharma on December 01, 2020 vulnerabilities
Sonatype discovered new malware within the npm registry, jdb.js and db-json.js This time, the typosquatting packages are laced with a popular Remote Access Trojan (RAT).
Read More...

Massive threat campaign strikes open-source repos, Sonatype spots new CursedGrabber malware

By Ax Sharma on November 16, 2020 vulnerabilities
Sonatype has discovered more malware in the npm registry, xpc.js, which has led to the discovery of a novel and large scale malware campaign leveraging the open-source ecosystem.
Read More...

Open Source and Cloud Security Together at Last

By Kevin Miller on November 12, 2020 Nexus Lifecycle
Sonatype and Fugue partner to combine Open Source and Cloud Security and Compliance
Read More...