Sonatype Unveils Full-Spectrum Software Supply Chain Management | Press Release

Meet the Developers Behind Sonatype’s Automated Malware Detection System Securing Open Source Supply Chains

By Ax Sharma on April 08, 2021 vulnerabilities
Meet the principal software engineers behind Sonatype's automated malware detection system, Release Integrity.

Deep Diving into CVE-2021-22114 Spring-integration-zip Path Traversal

By Juan Aguirre on March 31, 2021 vulnerabilities
We take a deep dive into CVE-2021-22114, which is causing problems for the second time.

Netmask Flaw Leaves Millions Vulnerable While a PHP Git Server is Hacked in Software Supply Chain Attack

By Ax Sharma on March 29, 2021 vulnerabilities
Two critical software supply chain attacks were uncovered today: an improper input validation vulnerability in the npm component netmask and an attack on PHP’s Git server.

Understanding Nexus Container: 5 Technologies You Need for Full Life Cycle Container Security

By Alexander Dale on March 16, 2021 Container Security
Say hello to Nexus Container and explore the five technologies you need for full life cycle container security.

Why Sonatype is Acquiring MuseDev

By Brian Fox on March 16, 2021 Nexus Lifecycle
Today, Sonatype acquired MuseDev, a developer-first source code analysis platform, and unveiled the world’s first full-spectrum platform for strengthening cloud-native software supply chain

New in Nexus Repository 3.30: Microsoft Azure Blob Storage Support for Expanded Cloud Deployments

By Brent Kostak on March 15, 2021 Nexus Repository
We are excited to announce Azure Blob Storage support - Nexus Repository Pro users can now manage and deploy their critical infrastructure on Microsoft’s Azure Cloud Platform.

Securing Software Supply Chains and Dependency Confusion — An Industry Perspective

By Derek Weeks on March 08, 2021 featured
We sat down with experts from The Linux Foundation, Atlantic Council and Sonatype's own CTO to discuss recent software supply chain attacks, dependency confusion and security concerns.

Sonatype Releases New Nexus Firewall Policy to Secure Software Supply Chains from "Dependency Confusion" Attacks

By Brent Kostak on March 04, 2021 Nexus Firewall
Sonatype’s new Dependency Confusion Policy Protection using Nexus Firewall and Nexus Repository can now automate dependency confusion protection at scale.