Sonatype Selected by Equifax to Support OS Governance Press Release

Sonatype Blog

How (and Why) to Build Your Own DevSecOps Team

DevSecOps: Security at the Speed of DevOps

DevOps Culture: The Neuroscience of Behavior

Continuous Compliance and DevOps

Hands On with the Nexus Platform: A Software Supply Chain Demo

Developers, Say Goodbye to Vulnerabilities. Squash Those Bugs!

OSS for Enterprise: Procure Secure Components Faster & Manage Risk Better

Tools, Not Rules

Empowering Developers: Security Self Serve and Automated Time-Based Waivers

Top 5 Tomcat Vulnerabilities

The Path Forward for the Nexus Platform

DevOps Table Stakes: The Minimum Amount Required to Play the Game

Publishing Private NPM Packages to Nexus

DevOps in the 3rd Inning, DevSecOps in the 1st, says Sonatype CEO

OSS Endgame: Nexus Firewall as Your Shield Against Open Source Invasions

Maturing DevOps in TD Bank

Containers Are Just Another Piece of the Puzzle - Protect Them To Secure Your Business

What is the Definition of DevSecOps?

Managing Infrastructure at Scale with Terraform

Malicious Code Injection Strikes Again as npm Foils $13M Cryptocurrency Theft

The 2019 Nexus User Conference is Almost Here

What is the Definition of DevOps?

How and Why to Design Your Teams for Modern Software Systems

Why Diversity Shouldn’t be a Vanity Project

10 Ways Kubernetes Enables DevOps

Nexus Intelligence Insights - CVE-2018-14721 - jackson-databind remote code execution

Infrastructure as Code on AWS

Disrupt Yourself or Be Disrupted

From Burping to Flying - Red Teaming with Nexus at Intuit

The DevSecOps Equilibrium

GDPR One Year On: Increasing Demand for "Security By Design"

In the Dark about Software Supply Chain Vulnerabilities

New with Nexus: Policy-Oriented Reporting with Lifecycle

Say Hello to Our New GitLab Integration

Using Webhooks to Integrate Nexus Lifecycle with Red Hat Quay - Part 2

Using Webhooks to Integrate Nexus Lifecycle with Red Hat Quay - Part 1

Getting Started With Sonatype DepShield: An Introduction

Alexa: What’s the Future of Cyber Security?

PyCharm and Nexus Repository Manager - A Match Made in Heaven

Washingtonian Magazine, Battery Ventures Rank Sonatype on Coveted Best Places to Work Lists

Nexus Intelligence Insights: CVE-2019-0232 - Apache Tomcat CGI Servlet Remote Code Execution

Implementing DevSecOps with 1,162 Apps

From 0 to Accredited in 23 Days

Malicious Attacks On Open Source Are Going to Get Worse: Developers Need to Take Notice

Operating Without an OSS License? That Could Be Dangerous!

Full Lifecycle Container Security

Deploying DevOps in Government - the Second Time is the Charm

Sonatype Goes to CloudBees Days

Corrupting the Software Supply Chain: Lessons from the Bootstrap-sass Hack

Software Composition Analysis: A Matter of Perspective (and Experience)

Nexus Helps Cure Cancer

40 DevSecOps Reference Architectures To Learn From

Fannie Mae: Scaling the DevOps Enterprise

Nexus Intelligence Insights: CVE-2014-3483 - SQL Injection in PostgreSQL adapter for Active Record against 'range' data type

A Point of Inspiration

Why You Need DevSecOps and Artifact Repositories

Sonatype and HackerOne eliminate the pain of reporting open source software vulnerabilities

2019 Nexus User Conference: CFP Now Open

Keeping third-party dependencies in check with Nexus Lifecycle

How to extract your Android project’s dependencies with a Gradle task

DevSecOps Community Survey: Meet the Winner

CVE-2019-7238 in Nexus Repository Manager 3

The Top DevSecOps Resources You Should Be Reading This Weekend

On International Women’s Day, I Honor My Grandma’s Nudge

DevSecOps, Germs, and Steel: Tales from 5,558 Pros

Nexus Firewall Now Supports JFrog Artifactory Customers

Nexus Intelligence Insights: CVE-2014-3603 — Lack of Hostname Verification in OpenSAML

10 years and 10,000 Hours: Lessons Learned from the FOSS/PLG Journey at Sonatype

Hygiene for Open Source Software Is Now a PCI Requirement

26% Acknowledge a Web Application Breach in 2019

Enhanced Support for Python in Nexus Lifecycle

DevSecOps at Emerasoft: Sonatype Nexus Lifecycle and F5-Advanced WAF

Introducing Sonatype's Latest Release: Our Logo

Nexus Intelligence Insights - CVE-2017-5662 - Cross-Site Scripting (XSS)

Dynamic Storage: Four Ways that Blob Storage Got Smarter with Nexus Repository Pro 3.15

Let Your Voice Be Heard - Take the 2019 DevSecOps Community Survey

How-To Deploy a Private Docker Registry on Google Cloud Platform with Nexus

To Succeed, DevSecOps Must Actually Include DevOps

Application Security Risk in 2019: It's All About The Supply Chain

US Energy and Commerce Committee: 6 Strategies for Modern Cybersecurity Risks

You Can't Manage What You Can't See: Open Source Governance Starts with Visibility

Equifax was 100% preventable -- But 18,000 others at risk

House Oversight Report: Equifax Open Source Breach Was Entirely Preventable

Open Source Software Is Under Attack; New Event-Stream Hack Is Latest Proof

The Rise of Dependency Scanners

Sonatype DepShield Now Protects NPM Projects

The Path of DevOps Enlightenment for Infosec

Inevitable:  Earthquakes and Exploits

Salesforce and Nexus: The Real Results of Automation [Video]

Nexus Intelligence Insights - CVE-2018-10237- Guava Vulnerability

Build Better Component Practices: Crawl. Walk. Run.

How to Deploy a Jenkins Cluster on AWS as Part of a Fully Automated CI/CD Platform

A DevSecOps Maturity Model in 7 Words

A Lesson in Why “Security by Press Release” Is Detrimental

Dirty Rivers Flow Downstream, Leading to Dirty Reservoirs

The Key to Enterprises Remaining Competitive Is Safe Open Source

Perspective on IBM and Red Hat: The Sharing Economy Writ Large

Keeping Your Nexus Repositories Clean Just Got Easier

Search Improvements Available in Nexus Repository Manager 3.14

Analytics Feature Being Deprecated in Repository Manager 3

Introducing Nexus Intelligence Insights

Who Cares if Supermicro Happened. Supply Chain Attacks are Real and It’s Time to Pay Attention

DevOps: The Blue Ocean Tide is Rising

5 Quick Wins for Securing Continuous Delivery

A DevSecOps Journey at a Dutch Bank

9 Top DevOps Conferences — A Developer's Picks

Three Days of DevSecOps: Lessons from Equifax

The 2018 State of the Software Supply Chain Report is here!

What the TPG-led $80M Investment Means for the Future of Sonatype and the DevSecOps Movement

A Simply Brilliant Way to Improve the Security Pipeline

Hollywood formalizes support for open source in filmmaking

Policy Governance Made Easy - Introducing the Nexus Notifier Plugin for Bitbucket

Nexus Reference Platform: Kompose, OpenShift and Helm

New Policy Grandfathering: Automating Open Source Governance at Your Own Pace

New JavaScript intelligence now available in the Nexus Platform

Sonatype Named Best Place to Launch A Career

Nexus Reference Platform: Docker Stack and Kubernetes

How to Keep Vulnerable Versions of Struts Out of Your Nexus Repository

Deja Vu All Over Again - Another New Apache Struts Vulnerability (CVE-2018-11776)

How-to Roll Out Nexus in a Large Organization

Get Up to Speed with Maven Repository Configuration in Our New Learning Module

Introducing Sonatype DepShield: Free for GitHub Developers

The Weakest Link Might be Your Supply Chain: Just Ask The Pentagon

Sonatype Board Member Ann Winblad Talks DevOps and Open Source on CNBC

It's time to upgrade Nexus Repository 2 to Java 8

Software Composition Analysis: Precision Definitely Matters (Just Ask Our Competitors)

3 steps to deal with the aftermath of the highjacked eslint-scope package

DevSecOps: The Carrot and the Stick

The What and Why of DevSecOps

Learning in the Modern Enterprise – going to DevOps Enterprise Summit London with an open mindset

And then, Our CEO Won Entrepreneur of the Year

I Am A Serial Cryptominer: An Open Letter to Software Developers

Microsoft and Github: Open source’s future is brighter than ever

Making sure our users don't zip-slip and fall

CVE-2017-17461 - Vulnerable or Not?

10 Best Practices for Microservice Architectures

Nexus Repository 3.12: Support for S3 Blob Stores

Enhancing SSL Security and HTTP/2 support for Central

DevSecOps: Secrets in the Cloud

The Un-Conference 2018

Staging in Nexus Repository Pro 3.11

Secure By Design: Preparing for GDPR Should Begin With Software

WSJ on Struts: Companies Still Downloading Flaw Linked to Equifax Breach

Eight More Struts Breaches

Microcosm: Your Gateway to a Secure DevOps Pipeline as Code

Struts One-Two Punch Knocks Out India

Tripwires: When we might learn and where we don’t

Is manual remediation with Repository Health Check as good as it gets?

When Cyber Attack Meets Heart Attack

Learn about Sonatype Products with New Self-Paced Guides and Courses!

Deploy Secure Application with DevOps:DevSecOps

The Importance of Having An Open Source Policy

DevSecOps and Containers: The Numbers Don't Lie

How to Design Teams to Bridge the Security Gap

The DevSecOps Mindset: We Are Not Alone

What Does DevOps Maturity Tell Us About Security Maturity?

2018 DevSecOps Community Survey: Automation Races Against Breaches

Open Source Governance Hits the C-Suite

The Guards Are Changing:  How DevSecOps is Transforming the Application Security Profession 

Docker Image Security for DevSecOps

Open Sourcing npm in Nexus Repository Manager 3

DevSecOps In The Age Of Containers

Nexus Firewall Extends Support for RubyGems and RPM

We Won! Sonatype Scoops Up Award for Best Open Source DevOps Tool

Steps to Responsible Disclosure with Bas van Schaik, Man Yue Mo and Brian Fox

DevSecOps Day at RSAC 2018 - Who Will be There

Nexus User Conference: Online, Free, June 6 - 7

ABN AMRO Embraced CI/CD to Accelerate Innovation and Improve Security

Nexus Lifecycle Report Redesign Survey

Nexus Repository Manager: Retention Policies and Cleanup (Survey)

DevSecOps Community Survey for 2018

Learn the Nexus 2.x REST API: Automating Sonatype Nexus Repository

Crypto-Mining Crime Rings: The Newest Reason Why Software Supply Chain Hygiene Matters

Fooled twice by the same open source problem? Shame on you. The data behind CVE-2017-8046.

DevOps: Building Better Pipelines

Remote code execution vulnerability (CVE-2017-8046) in Pivotal's Spring Framework

Leading a DevOps Team at a Fortune 100 Company

Nexus Repository 3.9 Released with a new Upload UI and Firewall Support

Nexus Firewall is now available for Repo OSS users!

Running The Nexus Platform Behind Nginx Using Docker

DevOps Radio Podcast: The Story Behind All Day DevOps

Sonatype’s Road to Continuous Delivery: Our Product Owner’s Perspective

RSAC 2018 - Preview of Opening Session for DevOps Connect: DevSecOps Day [Podcast]

DevOps: Escape the Blame Game

Software Liability Gets Real (Global)

DevSecOps: Hope is Not a Strategy

Nexus Repository 3 [Video]: What is a repository manager?

DevSecOps Delivered: Fix an Open Source Vulnerability from within the IDE

Nexus Lifecycle: Using REST API to identify where newly vulnerable components reside across your application portfolio

DevSecOps: Dreams, Teams, and Architecture

Sonatype's 10 Year Journey, with Co-founder Brian Fox

Nexus Repository Manager Just Got YUMmier 

Malicious Intent: Open Source Developers, Please Protect Your Users

Scaling Sonatype: Perspective from #SaaStr 2018

Continuous Delivery: No Excuses

Continuous Integration In The Age of Containers - Part 2

What can we learn from 200 Billion JavaScript downloads

Improving the Nexus Search Experience

HackNYC 2018: Preview with Kevin E. Greene [Podcast]

The Hijacking of a Known GitHub ID: go-bindata

Product Management in a DevOps World

20 DevSecOps Reference Architectures to Help

Nexus Repository Manager 3.8 is now available

HackNYC 2018: Preview with Dr. Bill Curtis [Podcast]

The Magic of a Remote Organization

The Power of Data in DevSecOps

Cancer Sucks. DevOps Helps.

Continuous Integration in Pipeline as Code Environment with Jenkins, JaCoCo, Nexus and SonarQube

How to Setup Nexus 3 as your Windows Docker Container Registry

Thoughts on Security in the Modern Software Supply Chain [Podcast Interview]

DevSecOps Goes Mainstream

The OpenChain Project with Shane Coughlan [Podcast Interview]

Developing An Ansible Role for Nexus Repository Manager v3.x

Automated Setup of Nexus Repository Manager

How Many Hosted Repositories Can Nexus OSS Support

DevSecOps: Overcoming the Culture of No’s with Chaos

Nexus Repo Containers with Persistent Storage in Azure Container Instances

Open Source Components, Code Volume Drag Down Web App Security -- New Report from Imperva

Madhu Akula Takes on Two Roles During All Day DevOps

Build a Highly Available Docker Registry on AWS with Nexus

Ann Winblad Reflects: The Rise of Software

How to Deploy the Artifacts of a Project to Nexus, with Maven.

Cleanup Old Docker Images from Nexus Repository

Fewer Gates, More Guardrails: DevSecOps Lessons Learned in 2017

Docker Compose for Nexus Platform - Part 2

Continuous Integration In The Age Of Containers - Part 1

Nexus Repository 3.7.0 Released

Help and Educational Content for Nexus Repository Manager

Using Nexus IQ Server with the webpack Plugin

Kubernetes Recipe: Sonatype Nexus 3 as a private docker registry

Docker Compose for Nexus Platform - Part 1

Using a Dockerized Nexus as a Docker Registry

Q&A Corner with the Nexus Support Team

Docker: Handling Circular Dependency Between Containers

Useful Docker Images – Part 1

DevSecOps in Government: How to Deploy It and Own It

GDPR and OSS. How are they linked and why should you care?

Migrating yum to Nexus Repository Manager 3

Demo: Restricting Access to Nexus Repository Based on Roles and User Permissions

Doctor, Doctor, Can't You See?  Congress Calls for Cybersecurity.

NPM Search Changes

The Cloud Dish - Provisioning Nexus Repository Manager and Nexus IQ Server

All Things Maven: A Discussion with Brian Fox

FDA: DevSecOps and Nobody Dies

Violations Detail View Coming to Nexus IQ Server

DevSecOps and GDPR:  Why Open Source Risk Management Has Never Been More Important

10 Reasons Why All Day DevOps 2017 is Awesome!

Strengthening Software Supply Chains for Everyone: Why Grafeas is a Great Idea

Mr. Smith Goes to Washington: Lessons Learned from Equifax in Congress

Zero Day, Now What?

Application Health Check: Free tool to see if you’re impacted by the Struts2

Nexus in OpenShift

The Most Underutilized Policy Type in Lifecycle

GDPR Compliance? Lessons Learned from Equifax

Nexus Repository: New Beta REST API for Content

Struts2 Breach at Equifax was 100% Preventable. Here's how.

Insecure at Any Speed

Brian Fox: What does Sonatype do? What do I do all day?

Security Processes at the Apache Software Foundation (video and podcast)

Struts2 Vulnerabilities: Who Is Responsible? (Video and Podcast)

Equifax and Struts: An Ounce of Prevention is Worth a Pound of Cure.

Nexus Lifecycle XC is now available

Remediation at Scale: Lessons from PayPal for the Equifax Security Team

Bracing for Impact in More Ways than One -- Apache Struts2 (S2-053)

Sonatype Statement: Struts2 and Equifax Breach

Struts2 Vulnerability Cracks Equifax

What you should know about the latest Struts2 Vulnerability (video and podcast)

A Struts2 Vulnerability Hurricane: Deserialization

Want to Understand Software Supply Chains? Ask Red Hat

The Road to Software Success at Fannie Mae is Paved with DevOps Native Tools

New Nexus Customer Feedback Sessions, Summer 2017

Experimenting with the Nexus Welcome Page

How Much Value Are You Getting From Nexus Lifecycle?

Nexus Repository Manager 3.5: Yum Proxy Support Now Available

Tish Long and Steve Hills: Two More Reasons Why Sonatype's Future is Bright

Concerned about Container Security? Try the Nexus Platform.

Building a Business Case for DevSecOps?  Our New Dashboard Can Help.

Cybersecurity Improvement Act of 2017:  The Ghost of Congress Past

Internet of Things Cybersecurity Improvement Act of 2017

The Curious Case of a German Smartphone: Why Software Supply Hygiene Matters

2017 State of the Software Supply Chain Report

Vor Security brings OSS Index to Sonatype

The Difference Between DevOps and Everything Else

Microsoft Visual Studio integration with Nexus Lifecycle

Walmart Integrates Nexus, OneOps, Jenkins, Kubernetes into Distribution Center Management System

Automated Enforcement: The Not So Subtle Difference Between Sonatype Nexus and Everyone Else

Heartbleed: The Open Source Vulnerability that Keeps on Giving (and Taking)

Medical Device Security: A New Look at Open Source Software

Embedding Ownership: A DevOps Best Practice

Automating the Automation Tools at Capital One

The Trump White House Takes Aim at Cybersecurity

They Sent 300 Employees to a DevOps Conference

How to use the new Repository Health Check 2.0

Container Considerations on Your DevOps Journey

Nexus Repository now certified in Red Hat OpenShift

3 Reasons Why I'm Excited for Red Hat Summit

Red Hat Summit is a Quality Choice: Here's Why

Promise Theory and DevOps

DevOps Intelligence Changes the Game

Nexus 3.3 Delivers Free Next-Gen Repository Health Check and Git LFS Support

Nexus Firewall Grows with Support for PyPI

Sonatype Nexus 3 launches into Mesosphere DC/OS

The Nexus Exchange: 30 new integrations from the community

Shift Security Practices Left: New Nexus Plugin for Jenkins Pipelines

GitHub Integration with Nexus Lifecycle

The Open Source Software Index is BOSS!  Here's Why.

Do You View Your AppSec Tools as an Inhibitor to Innovation or a Safety Measure?

DevSecOps: Eat Carrots, Not Cupcakes

DevSecOps: A More Deterministic Approach

DevSecOps: In Time for Security

DevSecOps: Slaying the Myths of Container Security

DevSecOps: Integrating Automated Security Controls

DevSecOps: Embracing Automation While Letting Go of Tradition

Sonatype on Federal News Radio

Apache Struts Vulnerability: Live Updates

Setting up a Docker Private Registry with Authentication Using Nexus and Nginx

Setting up a Secure, Private Nexus Repository

Struts2 Exploited Again.  Did Anyone Bother to Tell You?

Set up your own Continuous Delivery Stack

When it Comes to Application Security, “Doing Your Homework” Matters

Improving Build Time of Java Builds on OpenShift

DevSecOps is Suddenly Strategic for Everyone in Software:  Here's Why

AppSec EU 2017 Belfast – What to Expect

Using Nexus 3 as Your Repository – Part 3: Docker Images

Culture Hacking at RSAC 2017 with Shannon Lietz

CI/CD with OpenShift

Using Nexus 3 as Your Repository – Part 2: npm Packages

How DevOps Killed the Market for Software Composition Analysis

From a Commodore 64 to DevSecOps

Using Nexus 3 as Your Repository – Part 1: Maven Artifacts

System Hardening with Ansible

Achieving CI/CD with Kubernetes

DevOps at Massive Scale

Sonatype Nexus Installation Using Docker

Paul Volkman: Why is Sonatype the best solution?

DevOps and Opportunities in Software Supply Chain Governance

DevSecOps: Better Software, Faster

Docker: The New Ordinary

One Team, 5,000 Jobs: Life in the DevOps Jungle

Step-by-Step: Block and Quarantine Vulnerable Open Source Components and Artifacts with Nexus Firewall

The Nexus Firewall – Perimeter Defense for Software Development

DevOps: Making the Boring Things Stay Boring

LEGO, Death Stars, and Millennium Falcons, Oh My

DevOps for Small Organizations: Lessons from Ed

DevSecOps: Catching Fire

DevOps Confessions from Fannie Mae, Liberty Mutual, and Capital One

How are Federal Agencies Implementing DevOps & System Modernization

All Day DevOps: Practitioner-to-Practitioner

Security by Design: The Benefits of Building Quality In

Mapping the JavaScript Genome for DevOps

DevOps Express: How It Happened and Why We Did It

Nexus Repository Rising: Say Hello to the New Pro

All Day DevOps Conference: Bringing DevOps to the World

Government Spotlight:  DevOps Accelerates Cyber Security

Government Asks: What’s in Your Software?

How to Video Training: Open Source Component Management and Intelligence

An Insider's View: Analyzing Software Supply Chains

The 2016 State of Software Supply Chain Report

Nexus Repository 3.0: Most Frequently Asked Questions - Answered

An Innovator’s Journey: 8 Interviews

Sonatype Automated Deployments with Atlassian Bitbucket Pipelines

Why DevOps Success Requires More Than X-Ray Vision

Nexus Lifecycle and IntelliJ IDEA

Banking on Built-in Security Checks

Impressions from DevOpsDays Vancouver 2016

Sonatype Releases Nexus Repository 3.0

Intuit’s DevSecOps: War Games, Gamification, and Culture Hacking

Lessons Learned Again #npmgate

Continuous Delivery: The Atlassian Way

Faster, Smarter DevOps

Rugged DevOps: Less Capture the Flag, More Teamwork

Manufacturing Without a Warehouse = Development Without an Artifact Repository

Continuous Delivery: How to Transform Application Release

Sonatype Closes $30 Million Financing

Rugged DevOps: Survival is Not Mandatory

Ground Control To Nexus Users: Nexus Repository Manager 3 Milestone 7 Release

Why CEO’s Choose Harry

What’s in Your Software

Getting Rugged DevOps Right

Software Supply Chains: DevOps Lessons Learned from Southwest Airlines

Nexus Firewall: Quality at Velocity

Did you wake up to an alert about the Java Deserialization vulnerability?

Improving Container Security: Docker and More

Q&A: Running Docker in Production

Why Nexus Rocketed Beyond 60,000 Installs

Please Containerize Your Excitement: Nexus 3 Milestone 5 Release

28 DevOps and Continuous Delivery Reference Architectures (Vol. 2)

Josh Corman on Keeping up with Hackers [CNBC VIDEO]

Make Nexus Part of the DevOps Dozen

Automated Nexus Reports on Licenses, Security, and More

A Newcomer’s Perspective: Software Supply Chains

The Cost to DevOps: 27 Mufflers

Rework is Choking Software (2015 State of the Software Supply Chain Report)

Better and Fewer Suppliers (2015 Software Supply Chain Report)

We Lack Building Codes for Building Software Code [VIDEO]

The 2015 State of the Software Supply Chain Report

DevOps Leadership Series: Gov Does DevOps (Part 2)

DevOps Leadership Series: Gov Does DevOps

DevOps Leadership Series: Monitoring Containers and Microservices

DevOps Leadership Series: Security at Velocity [Video]

DevOps Leadership Series: Software Supply Chains [Video]

DevOps Leadership Series 2015

How a Software Bill of Materials Uncovers Known Vulnerabilities

Real World Experiences: Blackboard

Legal at DevOps Speed

Continuous Delivery and Nexus

Dogfooding Nexus

Sonatype and Bamboo: Improving Your Builds

Nexus Reaches 50,000

Evaluating OSS logistics solutions? Consider these 9 tips.

Nexus 3: New Milestone Release

The Software Supply Chain Piques Interest

Chevy and DevOps: What the Wi-Fi?

[Video] Accelerating Continuous Delivery by Improving NuGet Package Management

Nexus, Continuous Delivery and DevOps: Slideshow Gallery

Nexus 2.11.1 - Why It's Time to Upgrade

Nexus Pro Deployment Guidelines

[Part 3] Code, Cars, and Congress: A Time for Cyber Supply Chain Management

[Part 2] Code, Cars, and Congress: A Time for Cyber Supply Chain Management

Code, Cars, and Congress: A Time for Cyber Supply Chain Management

Delivering on a Promise: Free Nexus Training

Rubyists Rejoice - Nexus Supports RubyGem Repositories

Talking Turkey in Texas: Open Source Governance Lags

42,000 Nexus Repository Managers, and Growing!

CIO.com: Helping Developers Reduce Open Source Risk

Riot Games Shares its Chef Cookbook for Nexus

How Big is a Billion? Open Source Growth Skyrockets

Nigel’s Wake-up Call: Scaling Open Source Governance

Who is Nigel Simpson? (Lessons of Open Source Governance)

TheNexus: A Community Project

Nexus Live, October 2014 - Gene Kim, Josh Corman, TheNEXUS

npm registry support for all!

Why Attend the DevOps Enterprise Summit?

Nexus OSS Meets NuGet

Bash 2014 - This Is Not a Party

What Happened Sept 16th?

Skeleton Key

11,000 Voices

Time for Full Open Source Disclosure

Gartner Goes Development-Centric

Nexus 3.0 Technology Preview (Milestone 1 Release)

Integrating with SonarQube

Never a More Interesting Time

Hear no Evil, See no Evil, Deploy no Evil

Part 3 – [ ________ ] is the Best Policy

"Wait! Wait! Don't pwn me!" from Black Hat 2014

Part 2 - [ ________ ] is the Best Policy

Part 1 - [ ________ ] is the Best Policy

HTTPS Support Launching Now!

Outnumbered, Again

SSL Connectivity for all Central Repository users Underway

Two AppSec Questions Always Asked

Part 2: The Internet of Everything: Code, Cars, and More

Trusting Third-Party Code That Can't Be Trusted

Part 3: The Internet of Everything: Code, Cars, and More

Are You Choosing the "Right" Component?

Part 1: The Internet of Everything: Code, Cars, and More

Stewing Over Software Ingredients

The Atlassian Story with guest Tim Pettersen on Nexus Live

Lessons of Youth: A License to Use

Open source components, a fine vintage or sour milk?

Securosis Dives Deep into our 2014 Survey

Nexus holds the top market share, the data speaks for itself

We're bringing sexy back, Sonatype hits the catwalk

The 2014 Survey: Marked by an Industry Shock Wave

Walking in the Open Source Component Garden

3 Reasons Manual Policies Just Don’t Work

Book Update: Repository Management with Nexus

Nexus and RunDeck: Tools for DevOps

5 Things You Need to Know About Open Source Components

RebelLabs Java Survey Results: Developers Love Nexus

Replace plain text username and password with a user token - The Nexus 2 Minute Challenge

Rebrand the Header in Nexus - The Nexus 2 Minute Challenge

Configure Nexus to Serve From a Selected Port - The Nexus 2 Minute Challenge

Cheeseburger Risk: Not for the Faint of Heart

On the Shoulders of Giants: Influential Books for Software Developers

Hacking Minecraft - A Metaphor for Bleeding Hearts

4 Open Source Components You Need to Update Right Now

Are OpenId and OAuth ‘Bleeding’?

Like a Good Holiday, the Verizon Breach Report is Here

Replace the release process using the Nexus Staging Suite - The Nexus 2 Minute Challenge

The Nexus 2 Minute Challenge Video Series

The Sonatype 2014 Engineering Summit

Are we doing enough to prevent future “bleeding hearts”?

DevOps: The Last Great Hope for Application Security?

Code Snippet Scanning: Is it Really Needed Anymore?

2014 Open Source Development Survey: Making Results Matter

TED Talks Security: 3 Provoking Discussions

A Home for the Central Repository

Open Source Observations from RSA

An Open Discussion on Open Source Review Boards

Ready to Take the 2 Minute Nexus Challenge? Watch our First Challenger Live.

The Tipping Point: Human Speed vs. Machine Speed

Secure From the Start: Combining Open Source Policies, Practice & Tools

Sonatype & HP Partnership Offering a New Breed of Application Security

Financial Services Organizations have Open Eyes on Open Source

AppSec / DevOps Survey: 63% Concerned with Open Source

Sonatype Nexus Security Advisory

Should DevOps Account for Continuous Trust of Production Applications?

Another Security Breach ... Just in time for the holidays.

Who Really Wrote Healthcare.gov?

FinSvcs Working Group (FS-ISAC) Takes on Open Source Components

What's Happening in the Land of Open Source Components

Component-Capable Release Management is Key to DevOps

Taking Advantage of the New and Improved Nexus 2.7

PCI 3.0 - Secure Payment Requires Secure Components

Sonatype Nexus Open Source Community Projects

DevOps Requires an Optimized Application Delivery Tool Chain

Should your devops pipeline consider component intelligence?

Yes, Policies Can Actually Speed Development

Atlanta DevOps Days Recap: Next Up NYC, Vancouver & Portland

The Golden Repo is NOT the Answer, the Golden Policy is

(ISC)² Global InfoSec Study - App Vulnerabilities are #1 Concern

Simplified Releases to the Central Repository with Nexus

DevOps Success is Contingent on Shifting Left

Using Your Repository Manager to Optimize Component Usage

Agile, Component Development & DevOps - A Natural Match

Move Left and Be More Secure

Policy Hierarchy & Inheritance: Simplified Policy Management

Sonatype Reduces Licensing Risks for .Net Developers with Integration to NuGet and Visual Studio

NSA & Open Source: Another Controversy Brewing?

Flaws vs Bugs

Join Us For Nexus Live: Product survey data revealed

Application Security: Focus on flaws, not on bugs

Important: Apache Struts Framework Security Alert

A Brief and Incomplete History of DevOps

Nexus 2.6: Much more than a new layer of paint

Application security needs to be redefined to stay relevant

Do you trust your software supplier? Questions to ask yourself - and them!

Hack Takes a Bite of the Apple

Sonatype applauds GitHub's approach to encourage OSS license selection

Join Us for Nexus Live: Profiling your Nexus installation using JMX

Announcing CLM 1.5: New release simplifies policy management

Soup Anyone?

12 Takeaways from Gartner Security & Risk Management Summit

Do Vulnerability Counts Really Matter?

Good Hygiene Should be a Foundation of Application Security

How Will you Manage the New Addition of A9 to the OWASP Top 10 List?

See the Great Battle of Security and Speed at the Gartner Security & Risk Management Summit

Is it time for a Nexus Repository Health Check? Come to the Nexus Office Hours to get your Diagnosis.

New Webinar: No Way! Security & Compliance Can Speed Development

Application Security, Not so Black & White

"I want to write really insecure code today"

"Personally, I have always been a fan of bribery"

"They wait until the software flaw trends on Twitter"

"Good luck getting Mike to fix big security flaws."

OWASP Recognizes Component Security

CLM Customer Impressions

Announcing Sonatype CLM (Component Lifecycle Management)

Only 1 Day Left! Webinar: Security At The Speed Of Development featuring Wendy Nather, 451 Research & Ryan Berg, Sonatype

Exploit for recently patched Java flaw added to CrimeBoss exploit kit

Join Us: Nexus Office Hours --- This Friday!

When Nexus Alone Is Not Enough - Webinar Recording Now Available!

Going to InfoSecurity Europe next week? We'll see you there!

New Webinar: Security at the Speed of Development with Wendy Nather, 451 Research

Sonatype Will Be At SANS AppSec Summit 2013 - Will You?

Underground software suffers from copy and paste

Here phishy phishy, 8 in 10 companies suffered web-borne attacks.

March Nexus Office Hours - Recording Now Available

New Webinar - When Nexus is Not Enough: Manage Your Components Beyond the Repository

Vulnerability database infected for at least two months

New security fix from Apple

Android hit again by malware

Do you know if you have been hacked?

New details on Java 7 issue published

Check your routers, new backdoor found in TP-Link routers

NIST National Vulnerability Database down

Not a match made in heaven, Zoosk asks users to reset passwords following mass leak.

HP, CERT warn of critical hole in LaserJet printers

Miniduke malware linked to Java and IE 8

Mozilla and Google race to patch new flaws

Android home to 96% of all new mobile malware

Flash, Adobe Reader and Java Hacked ... again

Join Us: Nexus Office Hours - Friday, March 22, 2013 1PM-2PM EDT

Hacker Steals $12,000 Worth Of Bitcoins In Brazen DNS-Based Attack

Proxy use among cybercriminals is on the rise

Flaw in Kaspersky Internet Security 2013 leads to remote freeze

Browsers downed again on first day of Pwn2Own contest

Oracle confirms Java 7 Update 15

PostgreSQL Updates to Close Denial-of-Service Hole

Whitehole Exploit Kit in the Spotlight

Join Us: Sonatype Speakeasy, San Francisco - Wed, February 27, 2013

Barracuda Moves to Shutter Backdoor Access to its Network Gear

Which would you choose? Secure Apps or Productive Developers

Open Source - It's not just about Linux, Apache HTTP & MySQL

Hacker Gains Access to Foxconn Databases, Just Wants to Prove Lack of Security

"Lucky Thirteen" Attack Snarfs Cookies Protected by SSL Encryption

Android Malware Carries Windows Snooping App

Google Blocks High Profile Sites After Advertising Provider NetSeer is Hacked

Oracle Releases Java Patch Update

Aerospace And Defense Firms Targeted With Clever Spear Phishing

Turkish Hackers Upload Malicious Browser Extension To Official Chrome Web Store

Join Us: SANS Webcast - The Hidden Risk of Component Based Software Development

Over 85,000 HP Printers Found to be Publicly Accessible Via the Internet

Ruby On Rails 3.0.20 and 2.3.16 Released to Address Extremely Critical Vulnerability

5 Years After Major DNS Flaw is Discovered, Few US Companies Have Deployed Long-term Fix

Security Hole Found on IO, AC, SH, TM Domain Registrar Sites

SCADA Password Cracking Code Available

GitHub Forced To Disable Search After Exposing Private SSH Keys

Web Server Hackers Install Rogue Apache Modules And SSH Backdoors, Researchers Say

Backdoors Found In Barracuda Networks Gear

Security Flaws Leave Networked Printers Open To Attack

PayPal Addresses Blind SQL Injection Vulnerability After Being Notified By Experts

Website of Sony Music Mexico Hacked, Defaced

Critical Security Vulnerability At Amazon Fixed

XSS, Password Flaws Found In Popular ESPN App

Security Explorations Identifies Two Vulnerabilities In Java 7 Update 11

FAKEM RATs Disguise Their Traffic As Yahoo! Messenger To Avoid Detection

Drupal 7.19 and 6.28 Released To Address XSS, Access Bypass Flaws

Oracle Releases 86 Patches In Its January Critical Patch Update

New Java Exploit Fetches $5,000 Per Buyer

Expert Finds Security Holes In Sites Of Microsoft, Twilio and ProActive CMS

Secure Central Connectivity – Artifactory & Archiva Now Supported

Nexus 2.3 Now Available – Includes Support for Yum

Red October Cyber Espionage Campaign Relied On Java Exploit To Infect Computers

Last Chance: 2013 Open Source Development Survey Closes Tomorrow Take It For Your Chance To Win A Brand New Apple Workstation

Cybersleuths Uncover 5-year Spy Operation Targeting Government, Others

Apache CouchDB Updates Handle Multiple Security Issues

Oracle Responds To Warning On Java Vulnerability

Oracle Ships Critical Security Update For Java

Java 7 Zero-day Exploit Used To Distribute Reveton Ransomware

Nasty New Java Zero Day Found; Exploit Kits Already Have It

Exploit Code, Metasploit Module Out For Ruby On Rails Flaws

Botnets For Hire Likely Attacked U.S. Banks

Crimeware Author Funds Exploit Buying Spree

All Ruby On Rails Versions Affected By SQL Injection Flaw

New Android Trojan Capable Of Launching DDoS Attacks, Sending SMSs

Flaw In Facebook Allowed Attackers To Record Video Of User And Post It On The Timeline

Researcher Finds XSS Vulnerabilities In cPanel And WHM 11.34

Drupal 7.18 and 6.28 Released To Address Security Vulnerabilities

Apache Malware Targeting Online Banking

Carberp Banking Trojan Goes Commercial

Hackers Breached Heating System Via Industrial Control System Backdoor

Your Opinion Matters: Take Our 2013 Open Source Development Survey (plus, you could win Jason's brand new Apple Workstation)

Samsung Smart TV Bug Allows Remote Access, Root Privileges

Stored XSS That Allowed Hackers To Hijack Tumblr Blogs Still Unfixed

GPS Software Attacks More Dangerous Than Jamming And Spoofing, Experts Say

Only 15% Of Known Malware Caught By Android 4.2's Verifier

Exploit Kit Authors Thrive Due To PoC Code Released By Whitehats

Fast Cracking Of MySQL Passwords Demonstrated

Tumblr Worm Proliferated Due To XSS Flaw

Season's Gr3371ng5 - Hacker Releases Exploits For MySQL And SSH

Highway Traffic Monitoring System Has Exploitable Electronic Flaws, Says CERT

Crooks Inject Malicious Java Applet Into FOREX Trading Website

Email Hacks Router

Shylock's New Trick For Evading Malware Researchers

Unencrypted Payment Data On Business Networks At 70 Percent

U.S. Software Firm Hacked For Years After Suing China

Pacemakers, Other Implanted Devices, Vulnerable to Lethal Attacks

U.N. Atom Agency Says Stolen Information On Hacker Site

Java Zero-day Exploit On Sale For 'Five Digits'

eBay Closes Critical Security Holes

Numerous .eu Domains Registered To Host BlackHole Exploit Kit

Rootkit Infects Linux Web Servers

Nexus Bolsters Component Management Capabilities

Intel Corporation: McAfee Threats Report Shows Global Expansion Of Cybercrime

New Java Attack Introduced Into Cool Exploit Kit

Joomla 3.0.2 and 2.5.8 Available For Download, Security Fixes Included

Siemens Software Targeted By Stuxnet Still Full Of Holes

How Hackers Scrape RAM To Circumvent Encryption

Mushrooming Ransomware Now Extorts $5 Million A Year

Virtual Machine Used To Steal Crypto Keys From Other VM On Same Server

Users Take Their Time Over Java And Flash Updates

Plone Releases Fixes For 24 Vulnerabilities

Sophos Fixes Critical Security Vulnerability

Security Research Labels Over 290,000 Google Play Android Apps As 'High-risk'

SQL Injections And DDoS Attacks: Most Popular Topics On Hacker Forums

ICS-CERT Warns Of Increasing Threat To Industrial Control Systems

IT Supply Chain - Will Yours be Compromised?

Backdoor In Computer Controls Opens Critical Infrastructure To Hackers

Now Available: SSL Connectivity to Central

Imperva Experts Reveal The Best Practices And Tactics To Mitigate Insider Threats

Sony PS3 Hacked Again

Hackers Get 10 Months To pwn Victims With 0-days Before world+dog Finds Out

Hackers' New Superweapon Adds Firepower To DDoS Attacks

Improving Software Quality Using Component Lifecycle Management with Jenkins

Security Researcher Experiments With Patching Java

Java Still Has A Critical Role to Play Despite Security Risks

XSS Attacks Remain Top Threat To Web Applications

Second DDoS Attack Hits GitHub, Some Repositories Temporarily Unavailable

SunTrust The Latest Victim In Cyber Attack Saga

Insight For CI at the Jenkins User Conference

CloudStack Alert Users To Critical Vulnerability

Cybercrime Gang Recruiting Botmasters For Large-scale MiTM Attacks On American Banks

Persistent Flaws In PayPal Allow Cybercriminals To Hijack User Sessions And More

Bank Attackers More Sophisticated Than Typical Hacktivists, Expert Says

Expert Finds XSS Flaw On eBay After Bypassing 'Filtering Mechanisms'

Cyber Era Brings New Kinds Of Supply-chain Threats

Building Android Malware Is Trivial With Available Tools

Up Next: Nexus Support for Yum Repositories

That's Billion with a B: Is Java Having an "Outlook" Moment?

Backdoor In phpMyAdmin Allows Hackers To Execute PHP Code

One Billion Users Affected By Java Security Sandbox Bypass Vulnerability, Experts Say

JPMorgan Chase Bank Servers Hacked, Tiffany Employee Details Exposed

The Cloud is Running toward BSD-style Licenses, are you?

Most Data Breaches Come From Within

What Enterprise Architects and Time Travelers have in Common

IBM: Top Threats Include Data Breaches, BYOD, Browser Exploits

Don't Do it Wrong: Put that Puppet in a Box and Use Nexus for Devops

Stuxnet Tricks Copied By Computer Criminals

Bacon, Unicorns, JavaOne (Just a few of our favorite things)

Last Chance! Join Us In Philly For Breakfast & Some Hot Tech Talk

You're Using Maven 2 - Are You Sure?

Data Breaches Expose 94 Million Records In The Government Sector

Nexus 2.1: Fueled by Gun-Toting Unicorns with Jet Packs

Nine 0Days: HP In The Security Dock Again

Apple Patches Java 6 For OS X Snow Leopard, Lion

Hacker Group Claims Access To 12M Apple Device IDs

VMware Secures Server Products

Hacker Steals $250k In Bitcoins From Online Exchange Bitfloor

Secret Account In Mission-Critical Router Opens Power Plants To Tampering

Remember when Hackers Ignored Java? Those days are over... FBI Hacked via AtomicReferenceArray

Hacker Hands Barto Manufacturer $190,000 Loss

Rogue Microsoft Services Agreement Emails Lead To Latest Java Exploit

Philips Databases Pillaged And Leaked Second Time In A Month

Researchers Find Critical Vulnerability In Java 7 Patch Hours After Release

Java Zero Day Attack: Second Bug Found

Download it All at Once: A Maven Idea

Unpatched Java Vulnerability Exploited In Blackhole-Based Attacks

1 Million Accounts Leaked In Megahack On Banks, Websites

Join Us: Sonatype & Chariot Solutions Philadelphia Breakfast Meetup Tuesday, September 25, 2012

Macs At Risk From 'Super Dangerous' Java Zero-Day

A $5,000 Vulnerability In Facebook

Nexus 2.1.2 Update Available Now: Minor Features and Fixes for both OSS and Pro

(Often,) You People are Too Smart to Train

Dogfooding Sonatype Insight: We found Vulnerabilities in Nexus

Best Strategy for Migrating from Apache Ant to Apache Maven

Internet Attacks From China And US Increased In First Quarter Of 2012

Securing Repository Credentials with Nexus Pro User Tokens

Nexus 2.1 Now Available, Go Get It

Attackers Go Phishing For Payroll Workers With Java CVE-2012-1723 Exploit

Scope Of APT's More Widespread Than Thought

Why Insight App Health Check is so Important: Java Flaws Increasingly Targeted By Attackers

Insight Application Health Check: Scan Your Application for Security and Licensing Issues in Minutes

The Latest Threat: A Virus Made Just For You

We Just Kicked Central Performance and Availability Up a Notch with Edgecast

Android Malware Is Booming

Oracle's July Patch Day Brings 87 Security Updates

Experts Find Filter Bypass Vulnerabilities In Barracuda Appliances

ICS-Alert-12-195-01—Tridium Niagara Directory Traversal And Weak Credential Storage Vulnerability

Join Us: Sonatype Meetup in NYC - Wednesday, July 25, 2012

Learning the Nexus REST API: Read the Docs or Fire Up a Browser

New Java Exploit To Debut In BlackHole Exploit Kits

Nexus Pro: Automating Staging Workflow with Gradle using the Nexus REST APIs

Head Of Pentagon's Cyber Command Calls For Clear Cyber Security Legislation

Thieves Exploiting Vulnerability In On-Board Diagnostic System To Steal BMWs

Component Lifecycle Management with your Apache Maven Infrastructure

Wait... you don't have a repository manager?

m2e 1.1 Released with Eclipse Juno. Go get it.

Latest Hacker Dump Looks Like Comcast, AT&T Data

Nexus OSS switched to the Eclipse Public License: A Clarification and an Observation

RSA SecurID Cracked, Experts Access Cryptographic Keys In 13 Minutes

New Bank Theft Software Hits Three Continents

Nexus Pro and Nexus OSS 2.0.6 Now Available: Stability and Security Fixes

Researchers beat up Google’s Bouncer

Malware-as-a-service Simplifies Launching Cyber-attacks

Cisco Closes Holes In Its VPN Client And Security Appliances

How to Consume and Publish Artifacts with Nexus and Apache Ivy

Fujitsu Labs And NICT Break 278-Digit Pairing-based Cryptography

Does Nexus Pro Support Ant + Ivy Builds? Yes it does.

Advanced JavaScript Attack Threatens SOHO Routers

New Webinar - Futures: Component Lifecycle Management with Your Apache Maven Infrastructure

How to Publish, Consume, and Stage Artifacts to Nexus from Gradle

Introducing the Sonatype Support Portal and Knowledge Base

Automatic Transfer System Evades Security Measures, Automates Bank Fraud

What’s The Price For Secret Access To U.S. Gov’t Supercomputers?

Oracle Warns EBS Users Of Auto-update To Java 7

PHP 5.4.4 and 5.3.14 Releases Fix Security Vulnerabilities

Does Nexus Pro support your Gradle builds? Yes it does.

Apple Hustles, Patches Java Bugs Same Day As Oracle

Disaster Awaits U.S. Power Grid As Cybersecurity Lags

Software Update Site For Hospital Respirators Found Riddled With Malware

Reinventing Wheels and Opportunity Cost (or Why you Need to use Nexus)

Stop, Drop, and Upgrade Java: "Oracle Patches Java Security"

The Time to Pay Attention to Application Security is Now

Simple Authentication Bypass For MySQL Root Revealed

Adobe Patches Critical Flash Bugs, Ships Sandboxed Plug-in For Firefox

The md5crypt() Author Says The Algorithm Is No Longer Secure

Criminals Bypassing Sophisticated Device Fingerprinting With Basic Tools

SeaMonkey 2.10 Released, Closes Security Holes

Hackers Crack More Than 60% Of Breached LinkedIn Passwords

LinkedIn Confirms ‘Some’ Passwords Leaked

Nexus Professional 2.0.5 Released: It's Easier to Evaluate Awesomeness

PostgreSQL Security Updates Released

Researchers Find Methods For Bypassing Google’s Bouncer Android Security

Flame Malware Network Based On Shadowy Domains, Fake Names

‘Flame’ Spread Via Rogue Microsoft Security Certificates

Webinar Replay Now Available: Insight for CI Demo

Nexus Victorious in an Objective Comparison of Repository Managers

The Quickest Way to Evaluate Nexus OSS

Get proactive about Security with Insight

McAfee Reports Big Spike In Malware

Pwnium Hacking Contest Winners Exploited 16 Chrome Zero-days

Last Chance To Register: Insight for CI Demo

Critical Industries Don’t Grasp IT Risks, Study Shows

Smartphone Hijacking Vulnerability Affects AT&T, 47 Other Carriers

Nasdaq Chief Blames Software For Delayed Facebook Debut

Insight for CI Demo: Additional Session Added

ZTE Confirms Security Hole In U.S. Phone

Apache Details OpenOffice 3.4 Security Fixes

When Licenses Meet Reality, the Result is Often Confusing

High-ranked Sites Blacklisted By Google After Being Hijacked

How does Insight handle conflicting OSS licenses?

New Webinar: Gain Visibility & Control At Build Time with Insight for CI

Global Payments Breach Fueled Prepaid Card Fraud

Fuzz-o-Matic Finds Critical Flaw In OpenSSL

Trend Micro Reveals Top Document Attack Vectors From April

Google Guava Shows Strong Growth in April

CERT Warns On Critical Hole In SCADA Software By Italian Firm Progea

Webinar Replay Now Available: Manage Your OS Components at Build Time in Hudson & Jenkins

Critical Vulnerability In vBSEO Patched

APT Attackers Are Increasingly Using Booby-trapped RTF Documents

Research Uncovers IRC Bot Malware For Android

Java Drive-by Generator Used In Recent Attack

Microsoft Patch Tuesday More Extensive Than Anticipated

Nexus is for Sharing

Targeted Attack Infiltrates At Least 20 Companies

Malware Installed On Travelers’ Laptops Through Software Updates On Hotel Internet Connections

Node.js Update Fixes Information Disclosure Vulnerability

iOS 5.1.1 Closes iPhone Holes

Attackers Target Unpatched PHP Bug Allowing Malicious Code Execution

Selecting OSS Components: Three Questions Answered by Nexus Pro

Sonatype Survey Findings: Now with Granularity

RedKit Exploit Kit Spotted in the Wild

Hackers Blackmail Belgian Bank With Threats to Publish Customer Data

Nexus Stories From Across The Globe

Microsoft Detects New Malware Targeting Apple Computers

A First: Hacked Sites With Android Drive-by Download Malware

New 'Unknowns' Hacking Group Hits NASA, Air Force, European Space Agency

Last Chance! Webinar: Manage Your Components at Build Time in Hudson & Jenkins

Trusteer Finds New Ransomware Variant

Service Automates Boobytrapping of Hacked Sites

Targeted Attacks, Mobile Vulnerabilities on the Rise, Report States

Attackers Place Command and Control Servers Inside Enterprise Walls

VMware Patches Vulnerabilities in ESX 4.1

Now Available: Nexus OSS 2.0.4

Backdoor That Threatens Power Stations To Be Purged From Control System

Ghost of HTML5 Future: Web Browser Botnets

PHP 5.4.1 and PHP 5.3.11 Released

Last Chance! Share Your Experiences with Nexus OSS/Pro

Critical Bug Reported in Oracle Servers

Backdoor in Mission-Critical Hardware Threatens Power, Traffic-Control Systems

VMware confirms Server Hypervisor Source Code Leak

Hackers Now Pick Tools From Script Kiddies' Toybox - Report

Number-munching Clouds Are Godsend for Cybercrooks - Experts

OpenSSL Releases New Fix for CVE-2012-2110 ASN1 Bug

New Java Malware Exploits Both Windows and Mac Users

When you run Nexus: "It Just Works"

Hackers Targeting Governments with Hijacked Sites

Can Nexus Scale?

New Version of OpenSSL Closes Security Holes in ASN1 Parser

An Emerging Role in IT Governance: The ALM Architect

Analysis: Flashback Spread Via Social Engineering, Then Java Exploits

Mozilla Blocklists Java on Older Mac OS X Systems

Is Analyzing Open Source Projects by Contributors a Valid Metric?

Google Warns the Operators of Thousands of Hacked Web Sites

Oracle Patch Day Addresses 88 Vulnerabilities

Oracle Issues Critical Security Bug Fixes for Databases, Glassfish, and more.

Is your phone possessed? Or is it Android Malware?

Start Proxying .NET Packages NuGet Gallery with Nexus Professional

Know the enemy: Havij Automated SQL Injection

Web Site Vulnerabilities Fall, but Hackers Become More Skilled

Oracle Accidentally Releases MySQL DoS Proof of Concept

Two More Mac Trojans Discovered

New Webinar: Manage Your OS Components At Build Time

Most Application Vulnerabilities are "Forever Day" Vulnerabilities

Nexus Sighting: Illegal Argument Podcast #76

Update Java to avoid (and remove) the OSX Flashback Malware

Oracle to Issue 88 Security Patches on Tuesday

Are you using a Leiningen Repository Manager?

Last Chance To Register! Webinar: Why We Need To Care About OSS Security Now

Anonymous Blamed for Attacks on Technology Group Websites

Insufficient Security Controls for Smart Meters

Evaluating an Open Source Project's Security

How do most people find new dependencies... Google.

Rise of 'Forever Day' Bugs in Industrial Systems Threatens Critical Infrastructure

Data Breach Expands to Include More Victims

Google Chrome Fixes Seven High-Risk Vulnerabilities

Sophos Takes Down Partner Portal After Signs of Hacking

The OSS projects you depend on take security seriously. Do you?

Fast-growing Flashback botnet includes over 600,000 Macs, experts say

OSS Compliance: Lead or be Led, Your Choice

Updated Android Malware Can Take Over Your Phone

Joomla 2.5.4 Closes More Security Holes

Webinar: Why We Need To Care About OSS Security Now

DHS: America's Water and Power Utilities Under Daily Cyber-Attack

Mac Java Hole Exploited by Wild Flashback Trojan Strain

Potential First Android bootkit Spotted

Wayne Jackson's Presentation at RSA 2012: An Overview of Insight

Computer Hacker Tries To Steal

Expert Shows How Hackers Can Use CSRF Browser Vulnerability

Serious Cybersecurity Lapses Found at Pacific Northwest Electricity Supplier

Compromised OpenX Ad Servers Lead Users to Malware

Critical Java Hole Being Exploited on a Large Scale

China Nabbing Great Deal of U.S. Military Secrets

Cybercriminals Love Affair with Havij Spells SQL Injection Trouble

Last Chance To Register! Webinar: Managing Your .NET Components with Nexus and NuGet

We're a Java shop, we're not going to get hacked...

Microsoft Leads Seizure of Zeus Related Cybercrime Servers

Apache Traffic Server Update Closes Important Security Hole

New TGLoader Android Malware Found Alternative Markets

Today's Security Brief: Application security is widely neglected (by some surprising companies)

Study: More Than 50 of Global 500 Use Vulnerable Open Source Components

LibreOffice 3.4.6 Fixes Potential Security Problem

Ken Rimple Interviews Brian Fox: Maven 3, Running Central, and Nexus

Using Nexus? Share Your Experiences.

Article Published in ISACA Journal: Mitigating OSS Risk

New Webinar: Managing Your .NET Components with Nexus and NuGet

For St. Patrick's Day: A Compliance Strategy for "Beerware"

9% of developers "Going Rogue" and Contributing Anyway

The Results Are In: Sonatype 2012 Open Source Development Survey

Insight's Password Security: "a trillion trillion trillion centuries"

Nexus 2.0.2 Released: Critical Fix for Eclipse Proxies

Use JSON? Well you'd better not be Evil.

"There's no analog to a repository manager in .NET. Until now."

Run Nexus OSS 2.0.1 on Amazon EC2: Here's an AMI

Some Good Reasons to Upgrade to Nexus OSS 2.0.1

The First Line of Defense: Checksums and PGP Signatures in Repositories

New Webinar: Avoiding Build Disasters with Repository Managers

Nexus Pro 2.0.1 Now Available: Minor Security and Stability Issues Fixed

A Common Approach to OSS Policy: "Making it Up as You Go"

Whatever, we’ve got security people for that...

Missed the Nexus 2.0 Webinar? Don't worry. We recorded it just for you.

Advanced Nexus Diagnostics with the Nexus 2.0 "describe" Flag

What do cartoons have to do with build systems?

Nexus 2.0 supports .NET: "Building a more Secure and Effective Development Environment"

Public Service Announcement: Your build is leaking (and how to stop it)

Technology Focus: What is Scala?

Gain some Insight with a Nexus Repository Health Check

What is NuGet? (for Java Developers)

Nexus Pro 2.0: Support Distributed Teams with Smart Proxy

Announcing Nexus Professional 2.0

Distributing Binaries: Why not just use a Shared Filesystem?

Nexus: Don't dive in until you know how to swim

Nexus 2.0 is coming. Join Jason for the first demo.

Scala Artifacts Now on Central

A Simple Reminder for Maven/Gradle/Ivy Users: Proxy Central

Sizing Nexus: How much space do you need?

Releases Are Forever?

What is Central?

How well do you know your open source licensing?

Establish Mechanisms to Monitor Your Governance Program: Open Source Development Tip #10

Take Our Development Survey For a Chance to Win Jason's Brand New MacBook Air

Webinar Replay Now Available: Nexus 2.0 Sneak Preview

Bringing Java and Linux together on the way to Continuous Live Deployment

Continuously Monitor Production Applications: Open Source Development Tip #9

New Webinar: Nexus 2.0 Sneak Preview

Build Open Source Management into Software Development: Open Source Development Tip #8

How to publish your Gradle project to the Central Repository

Establish a Policy of Service and Support: Open Source Development Tip #7

November Community Spotlight: Manfred Moser of simpligility technologies

Standardize on a Common Set of Components: Open Source Development Tip #6

Evaluate Open Source Components Before Use: Open Source Development Tip #5

Start With a Pilot Program: Open Source Development Tip #4

Our Customers Told Us To...(the Insight Story)

Establish an Open Source Governance Program: Open Source Development Tip #3

Sonatype October Newsletter

Tips for Increasing Open Source Benefits – Tips #1 and #2

Avoid Lawyers -- Track Your Licenses

October Community Spotlight: Anders Hammar, Devoteam Sweden

Publishing Your Artifacts to the Central Repository

Answers to your Questions about Insight

Will You Know When a Security Flaw is Found in a Production App?

Open Source Changes Fast. Can You Keep Up?

New Webinar: Open Source Goodness minus Potential Risks = Insight

The Next Step in Transforming Software Development

FINAL WEEK of Limited Time Nexus Offer

JBoss Moves to Central

New virtual Nexus training class available

Nexus Gets a Stop Button

Online Limited Time Offer: Go Pro for Less Until Sept 16th

Java.net Moves to Central

Tame Your Dependencies With Free Eclipse Plugin

The Central Repository Is Getting Faster! Are you ready for the new IPs?

Central Grows Up - See The History

Browse Repos Easily with Updated Maven Central Search

The best Maven how-tos from the Sonatype blog

Select better components with the new Eclipse plugin

Video: Multi-master configuration for Nexus

Video: Nexus Basics in 110 Seconds

Where is m2eclipse?

Maven Central Building Blocks

Nexus Tips and Tricks: Backup Nexus

Hudson book coming soon!

You Don't Need A Browser to Use Maven Central

Your Sonatype Newsletter: June 2011

Next Webinar: Improving Your Java development with Apache Maven 3 and Hudson

Hudson Survey Results Show Reliability and Performance Are Key Concerns

Last Chance to Enroll: MVN-101 Training in Europe

Sonatype donates Maven 3.x integration, Eclipse Integration to Hudson

Maven Central Failover Mechanism Improves: Temporary IP change on Monday

Maven 3: The Future of Enterprise Java Build Infrastructure

Sonatype supports Hudson's move to the Eclipse Foundation

Hudson Pro: Where’s the Maven job type?

Goodbye SVN, Hello Git

Tycho: Building Eclipse plugins with Maven

Sonatype Maven Training class available during European business hours

Webinar replay for "Enterprise Repository Management" now available

How not to download the Internet

Register today for our Enterprise Repository Management webinar