Sonatype Blog

Ilkka Turunen

Ilkka serves as the Global Director of Pre-Sales Engineering at Sonatype. He is a software engineer with a knack for rapid web-development and cloud computing and with technical experience on multiple levels of the XaaS cake. Ilkka is interested in anything and everything, always striving to learn any relevant skills that help towards building Sonatype for success.

3 steps to deal with the aftermath of the highjacked eslint-scope package

By Ilkka Turunen on July 13, 2018 remote code execution

Yesterday at noon BST a new GitHub issue was opened in the popular eslint repository on GitHub. Someone had highjacked this package and published a version


CVE-2017-17461 - Vulnerable or Not?

By Ilkka Turunen on May 31, 2018 security research

One of our core beliefs at Sonatype is that actionable, in-depth security research is necessary for remediating issues and fixing them. Our data


Nexus Lifecycle: Using REST API to identify where newly vulnerable components reside across your application portfolio

By Ilkka Turunen on February 19, 2018 compliance as code

Following the recent announcement of the npm package conventional-changelog having a malicious version uploaded (read more in Brian's blog), I wanted to


Struts2 Breach at Equifax was 100% Preventable. Here's how.

By Ilkka Turunen on September 20, 2017 Apache Struts2

The breach at Equifax is a siren call. It's time for organizations to approach the problem of managing open source software by using automated technology,