Sonatype Blog

Nexus on the Ascent

By Brent Kostak on September 23, 2020 Nexus vs. Artifactory
Preferred 2:1 over JFrog Artifactory, Nexus Repository is stronger and more forward-thinking than ever.

Announcing the NeuVector & Sonatype Nexus Lifecycle Integration: Securing Containers Across the SDLC

By Alyssa Shames on September 16, 2020 Nexus Lifecycle
Sonatype's new integration between NeuVector and Nexus Lifecycle combines NeuVector’s open source detection and mitigation capabilities at the container application, operating system, and runtime

Katie Arrington discusses making development move at the speed of relevance

By Ryan Schradin on September 14, 2020 government
Katie Arrington, CISO for the Office of the Under Secretary of Defense for Acquisition, recently discussed DevSecOps in the federal government and how the DoD is tackling key issues.

Nexus as a Container Registry

By Brent Kostak on September 09, 2020 Nexus Repository
Say hello to Nexus as a Container Registry! Built on enterprise storage capabilities, Nexus Repository is a robust package registry for all of your Docker images and Helm Chart repositories.

Inside the “fallguys” malware that steals your browsing data and gaming IMs; Continued attack on open source software

By Akshay 'Ax' Sharma on September 02, 2020 vulnerabilities
This weekend a malicious component called “fallguys” was discovered on npm impersonating an API for the widely popular video game, Fall Guys: Ultimate Knockout. Its actual purpose, however, was

Best-in-Class: Introducing Enhanced OSS Index Data

By Najla Dadmand on September 01, 2020 featured
Sonatype’s free catalog of open source components and scanning tools for developers, OSS Index, now has more data, improved component choice and better remediation.

Sonatype CEO on The Future of the Software Supply Chain

Sonatype's CEO Wayne Jackson talked about Maven, the software supply chain, and speed vs. security no longer being at odds, at the 2020 Nexus User Conference.

Storage Management Best Practices: Part 1 - Components In Motion

By Brent Kostak on August 20, 2020 Nexus Repository
New in Nexus Repository 3.26, users now have an effective way to migrate components between two or more Nexus Repository instances.

From Prototype Pollution to full-on remote code execution, how can adversaries exploit npm modules?

By Akshay 'Ax' Sharma on August 19, 2020 vulnerabilities
August's Nexus Intelligence Insight looks at the NodeJS component express-fileupload which now has a critical Prototype Pollution vulnerability.