Sonatype Selected by Equifax to Support OS Governance Press Release

blog-logo Sonatype Blog

Alexa: What’s the Future of Cyber Security?

By Katie McCaskey on May 02, 2019 devsecops
The software supply chain connects everyone and everything but attacks to this connected web can be blatant and overt, with damaging consequences - especially within the federal government.
Read More...

PyCharm and Nexus Repository Manager - A Match Made in Heaven

By Sable Yemane on May 01, 2019 Nexus Repository
Great news for Python developers, Nexus Repository Manager (NXRM) now natively supports PyCharm; no extra configuration needed.
Read More...

Washingtonian Magazine, Battery Ventures Rank Sonatype on Coveted Best Places to Work Lists

By Katie McCaskey on April 29, 2019 sonatype momentum
Sonatype shout-out! We’ve been named one of the 50 Highest Rated Private Cloud Computing Companies on Glassdoor by Battery Ventures and one of Washingtonian Magazine's 50 Great Places to Work.
Read More...

Nexus Intelligence Insights: CVE-2019-0232 - Apache Tomcat CGI Servlet Remote Code Execution

By Elisa Velarde on April 26, 2019 vulnerability
In this month's Nexus Intelligence Insights we discuss a very popular component used by developers worldwide. Say hello to CVE-2019-0232, a remote code execution vulnerability.
Read More...

Implementing DevSecOps with 1,162 Apps

By Derek Weeks on April 22, 2019 devsecops
True DevSecOps includes breaking builds when vulnerable open source is found. But, implementing that level of precision is not an easy task. Hiep Tran from Capital Group, shares the process they wen
Read More...

From 0 to Accredited in 23 Days

By Derek Weeks on April 22, 2019 devops tools
DevSecOps in Government - What if there was a way to go from 0 to accredited in 23 days? Leonel Garciga from the DoD’s Joint Improvised Threat Defeat Organization shares how.
Read More...

Malicious Attacks On Open Source Are Going to Get Worse: Developers Need to Take Notice

By Sonal Thawani on April 19, 2019 vulnerability
Bad actors have recognized the power of open source and are now beginning to create their own attack opportunities. This new form of assault, allowing hackers to poison the well, is going to get
Read More...

Operating Without an OSS License? That Could Be Dangerous!

By Derek Weeks on April 17, 2019 Nexus Lifecycle
The intent of OSS licensing is to to make sure software can remain open source and freely used. But, some licenses contain requirements that could conflict with your business objectives - it's
Read More...

Full Lifecycle Container Security

By Derek Weeks on April 17, 2019 devsecops
As containers become a greater part of the DevOps pipeline, securing them is top of mind. John Morello, Twistlock CTO, shared thoughts at the 2018 Nexus User Conference on how-to secure them across
Read More...