
From Feature to Vulnerability: a spring-security-oauth2-client Story

By Juan Aguirre on August 27, 2021 vulnerabilities
Taking a deeper dive into a Spring vulnerability and understanding how lack of control over resources can lead to a DoS (Denial of Service).

Beyond Coding: Changing Developer Roles

By Karin Althaus on August 27, 2021 DevOps Culture
Developers are increasingly taking center-stage, assuming more responsibilities and tasks. But what does this mean for developers themselves?

Return on Investment in Software Composition Analysis?

By IT Central Station on August 20, 2021 Nexus Lifecycle
Having become a more standard part of the software development process, SCA is increasingly taken for granted as worth the investment, but is it?

Cloud Security Concerns in 2021

By Kevin Miller on August 05, 2021 cloud
Cloud environments are growing in complexity and challenging those responsible for keeping environments secure. We partnered with Fugue to uncover how cloud security professionals are handling the

What Constitutes a Software Supply Chain Attack?

By Ax Sharma on August 03, 2021 vulnerabilities
ENISA feels the term software supply chain attack is overused, so what does constitute a supply chain attack?

JavaScript Scanning Now Supported In JetBrains IDEs: IntelliJ IDEA, WebStorm, and More

By Kevin Miller on July 30, 2021 Nexus Lifecycle
The Sonatype Nexus platform now evaluates and analyzes JavaScript/Node components directly in IntelliJ IDEA.

This npm Package Could Have Brought Down Cloudflare’s Entire CDN and Millions of Websites

By Ax Sharma on July 16, 2021 vulnerabilities
Cloudflare has patched a critical vulnerability in its open source content delivery network, CDNJS, that threatened the security, integrity, and availability of the wider supply chain.

What to Consider When Crafting Your OSS Policy

By Filipp Kofman on July 15, 2021 legal
Building a plan for using open source software in your company means less confusion and risk. A look at some of the necessities and ideals in handling freely available code.

Effective Tools for Software Composition Analysis

By IT Central Station on July 14, 2021 Nexus Lifecycle
Better developer tools for the software supply chain mean a faster, more effective team. Sonatype customers share the tools that help them move faster and with less risk.