Sonatype Introduces Next Generation Dependency Management | Press Release

Sonatype Spots 275+ Malicious npm Packages Copying Recent Software Supply Chain Attacks that Hit 35 Organizations

By Ax Sharma on February 12, 2021 vulnerabilities
48 hours after a security researcher breached 35+ tech companies in a novel software supply chain attack, Sonatype’s Nexus Intelligence flagged 150+ copycat npm packages published by different
Read More...

Why Namespacing Matters in Public Open Source Repositories

By Brian Fox on February 10, 2021 The Central Repository
Sonatype's CTO explains why the Central Repository has always required namespacing and why all public open source repositories should too, following a new software way supply chain attack.
Read More...

Namespace Confusion: Minimizing Risk with Nexus Repository

By Michael Prescott on February 10, 2021 Nexus Repository
Nexus Repository (NXRM) can help minimize your risk against namespace confusion with a feature called repository routing rules.
Read More...

Dependency Hijacking Software Supply Chain Attack Hits More Than 35 Organizations

By Ax Sharma on February 09, 2021 vulnerabilities
A security researcher managed to breach systems of over 35 tech companies in what has been described as a novel software supply chain attack.
Read More...

The Central Repository Stands to Support Sailors from Bintray - 3 steps to take now to protect your builds from failing

By Ilkka Turunen on February 08, 2021 The Central Repository
We've created a practical guide for Bintray users migrating to the Central Repository to follow and ensure that use and distribution of open source components continues smoothly.
Read More...

What Publishers Need to Know About Migrating from JCenter / Bintray to The Central Repository

By Ilkka Turunen on February 08, 2021 The Central Repository
A step-by-step guide publishers can follow to easily migrate from Bintray/JCenter to The Central Repository
Read More...

Dear Bintray and JCenter Users - Here’s What You Need to Know About The Central Repository

By Brian Fox on February 04, 2021 The Central Repository
If you're freaking out about moving Java components into The Central Repository, following JFrog sunsetting Bintray, don’t worry. We’re here for you.
Read More...

CursedGrabber strikes again: Sonatype spots new malware campaign against Software Supply Chains

Sonatype has determined those behind the CursedGrabber Discord malware family, have published a new malware campaign against software supply chains
Read More...

Sonatype and SVA join forces to help companies develop better, more secure software

By Stephen Bryans on January 19, 2021 News and Views
Sonatype and SVA, one of Germany’s leading system integrators, partner to help enterprise customers create vital open source security and SCA programs and protect their applications.
Read More...