Sonatype Unveils Full-Spectrum Software Supply Chain Management | Press Release

PyPI and npm Flooded with over 5,000 Dependency Confusion Copycats

By Ax Sharma on March 03, 2021 vulnerabilities
Both PyPI and npm are being inundated with malicious dependency confusion packages.
Read More...

Newly Identified Dependency Confusion Packages Target Amazon, Zillow, and Slack; Go Beyond Just Bug Bounties

By Ax Sharma on March 01, 2021 vulnerabilities
Malicious npm dependency confusion packages exfiltrate your ~/.bash_history and /etc/shadow files.
Read More...

White House Releases Executive Order on America's Software Supply Chains

By Derek Weeks on February 25, 2021 secure software supply chain
Following recent SolarWinds attacks on multiple government agencies, US President Biden calls for comprehensive reviews of software supply chains.
Read More...

Sonatype Spots 275+ Malicious npm Packages Copying Recent Software Supply Chain Attacks that Hit 35 Organizations

By Ax Sharma on February 12, 2021 vulnerabilities
48 hours after a security researcher breached 35+ tech companies in a novel software supply chain attack, Sonatype’s Nexus Intelligence flagged 150+ copycat npm packages published by different
Read More...

Why Namespacing Matters in Public Open Source Repositories

By Brian Fox on February 10, 2021 The Central Repository
Sonatype's CTO explains why the Central Repository has always required namespacing and why all public open source repositories should too, following a novel software supply chain attack.
Read More...

Namespace Confusion: Minimizing Risk with Nexus Repository

By Michael Prescott on February 10, 2021 Nexus Repository
Nexus Repository (NXRM) can help minimize your risk against namespace confusion with a feature called repository routing rules.
Read More...
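The two entries above make one point: a dependency is only safe from confusion if the namespace it lives in cannot be claimed by an outsider, and a repository manager should refuse to fetch internal namespaces from a public proxy at all. The following Python is an added illustration of that idea, not code from Sonatype or from Nexus Repository. It models a routing rule the way the entry describes it (a mode of BLOCK or ALLOW plus regexes matched against the request path), applies it to constructed npm and PyPI proxy requests, and audits a constructed dependency list for internal packages referenced by a bare, unscoped name. The `acme` namespace, the request path shapes and the package names are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass
class RoutingRule:
    """Hypothetical routing rule modelled on the NXRM concept:
    BLOCK refuses any request path that matches a regex,
    ALLOW forwards only request paths that match one."""
    name: str
    mode: str            # "BLOCK" or "ALLOW"
    matchers: List[str]  # regexes tested against the request path

    def matches(self, path: str) -> bool:
        return any(re.search(pattern, path) for pattern in self.matchers)

    def permits(self, path: str) -> bool:
        if self.mode not in ("BLOCK", "ALLOW"):
            raise ValueError(f"unknown routing rule mode {self.mode!r}")
        hit = self.matches(path)
        return (not hit) if self.mode == "BLOCK" else hit


# Assumed internal namespace: an npm scope "@acme" and a PyPI name prefix "acme-".
INTERNAL_NAMESPACES = ("acme",)


def internal_namespace_rule(namespaces: Iterable[str] = INTERNAL_NAMESPACES) -> RoutingRule:
    """Build a BLOCK rule so a public proxy never fetches internal namespaces.
    Path shapes are assumptions: npm clients request scoped packages as
    /@scope/name or /@scope%2fname; PyPI simple-index paths look like /simple/<name>/."""
    matchers = []
    for ns in namespaces:
        esc = re.escape(ns)
        matchers.append(rf"^/@{esc}(/|%2[fF])")   # npm scope, slash possibly URL-encoded
        matchers.append(rf"^/simple/{esc}-")       # PyPI name prefix on the simple index
    return RoutingRule("block-internal-namespaces", "BLOCK", matchers)


def proxy_decision(rule: RoutingRule, path: str) -> str:
    """What the proxy does with one request: forward it upstream or block it."""
    return "forward" if rule.permits(path) else "blocked"


def audit_dependencies(deps: Dict[str, str], internal_names: Iterable[str]) -> List[str]:
    """Flag dependencies referenced by the bare name of a known-internal package.
    A bare name can be claimed by anyone on the public registry, which is the
    opening dependency confusion exploits; the scoped form "@acme/<name>" is not flagged."""
    internal = set(internal_names)
    return sorted(name for name in deps if name in internal)


if __name__ == "__main__":
    rule = internal_namespace_rule()
    # Constructed sample requests as a proxy repository would see them.
    for path in ("/@acme/build-tools", "/@acme%2fbuild-tools",
                 "/simple/acme-build-tools/", "/lodash", "/@types/node"):
        print(f"{path:30} -> {proxy_decision(rule, path)}")

    # Constructed package.json-style dependency map: "build-tools" is an internal
    # package referenced without its scope, so a public copycat could satisfy it.
    sample_deps = {"@acme/build-tools": "1.0.0", "build-tools": "2.0.0", "lodash": "4.17.21"}
    print("unscoped internal deps:", audit_dependencies(sample_deps, {"build-tools"}))
```

The BLOCK rule is the defensive default: anything under an internal namespace is refused before the proxy consults the public registry, so a copycat published there under the same name is never downloaded. The dependency audit is the complementary check on the consumer side, since a routing rule cannot help a build that asks for the unscoped name in the first place.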

Dependency Hijacking Software Supply Chain Attack Hits More Than 35 Organizations

By Ax Sharma on February 09, 2021 vulnerabilities
A security researcher managed to breach systems of over 35 tech companies in what has been described as a novel software supply chain attack.
Read More...

The Central Repository Stands to Support Sailors from Bintray - 3 steps to take now to protect your builds from failing

By Ilkka Turunen on February 08, 2021 The Central Repository
We've created a practical guide for Bintray users migrating to the Central Repository, so that use and distribution of open source components continues smoothly.
Read More...

What Publishers Need to Know About Migrating from JCenter / Bintray to The Central Repository

By Ilkka Turunen on February 08, 2021 The Central Repository
A step-by-step guide publishers can follow to easily migrate from Bintray/JCenter to The Central Repository
Read More...