Sonatype Unveils Full-Spectrum Software Supply Chain Management | Press Release

Sonatype Security Research Team

Sonatype's Security Research Team comprises 65 world-class professionals with 500+ years of combined experience. The Team is focused on bringing real-time, in-depth intelligence and actionable information about open source and third-party vulnerabilities to Sonatype customers.

CursedGrabber strikes again: Sonatype spots new malware campaign against Software Supply Chains

Sonatype has determined that those behind the CursedGrabber Discord malware family have published a new malware campaign against software supply chains.

Sonatype Stops Software Supply Chain Attack Aimed at the Java Developer Community

Sonatype removed 3 malicious open-source Java components from Maven Central targeting popular software releases, stopping a software supply chain attack.

CVE-2020-17479: The return of Validation Bypass (CVE-2019-19507) in `jpv`

While updating our data for CVE-2020-17479 in JPV, an open-source JSON schema validator, we discovered that the vulnerability could still be exploited with the existing fix in place, creating