Sonatype Unveils Full-Spectrum Software Supply Chain Management | Press Release

Does the SolarWinds’ Orion Security Advisory Impact Sonatype’s Product?

December 23, 2020 By Michael Griffin

As you may have seen, we at Sonatype have been following the SolarWinds’ software supply chain security breach closely. We’ve simultaneously been reviewing and analyzing our own environments to confirm we are not impacted by this security vulnerability. Though we are continuing to monitor the situation and our investigation is ongoing, we can confirm that we do not use the SolarWinds Orion platform nor have we found any evidence of the existence of the Sunburst vulnerability within our own product offerings. The security of our customers and community is a top priority for us. As such, we’ve taken additional steps to block Indicators of Compromise (IOCs) associated with this advisory and are working with our critical third-party vendors to ensure they are closely monitoring this situation and keeping us apprised of any developments related to this security incident. We will provide further updates should our own investigations or any investigations with our third-party vendors warrant additional information. 

You can read the full advisory here https://www.solarwinds.com/securityadvisory.

If you have additional questions reach out to security@sonatype.com 

As always, if you have any questions regarding the security of your software supply chain, we are here to help and you can contact us here

Tags: News and Views, Product

Written by Michael Griffin

Michael serves as Sonatype's Director, Information Security and brings over 22 years experience building and leading Information Security programs for organizations. Michael is active in professional organizations, such as ISACA and ISSA where he enjoys helping organizations improve their programs and mentoring others.