Sonatype Delivers Premium Open Source Controls to GitHub | Press Release

blog-logo Sonatype Blog

Gartner: The Crucial Role of OSS License Compliance

Gartner's SCA recommendations include deep understanding of OSS licensing. Operating without license compliance, intentionally or not, invites peril.
Read More...

The Central Repository is Moving to HTTPS

By Terry Yanko on December 20, 2019 central maven repository
Beginning January 15, 2020 The Central Repository will no longer support communication over HTTP. We are moving to HTTPS to ensure greater security.
Read More...

New in Nexus Repository 3.20: R Format Support & More

By Brent Kostak on December 19, 2019 visual studio
The release of Nexus Repository 3.20 offers native support for R repositories. R is a language used for statistical analysis and machine learning.
Read More...

Sonatype Nexus is Rising Above the Swamp

By Matt Howard on December 16, 2019 Nexus vs. Artifactory
With Vista by our side, Sonatype's direction is clear, and Nexus is rising above JFrog Artifactory. We invite you to test the Nexus difference.
Read More...

Gartner: Mitigate Risk By Hardening the Software Supply Chain

By Katie McCaskey on December 12, 2019 Sonatype Nexus
As Gartner explains, key to mitigating open source risk, is a hardened software supply chain. But, where do you start?
Read More...

Nexus Innovator: Jasmine James of Delta

By Katie McCaskey on December 11, 2019 Nexus Platform
Jasmine James of Delta Airlines explains how she discovered Sonatype Nexus and how it's played a role in her career.
Read More...

Why You Need a Software Bill of Materials More Than Ever

By Katie McCaskey on December 05, 2019 software bill of materials
Enterprises need to know what open source components are in their software at all times. If you don't have a software bill of materials, you're already behind.
Read More...

New Integration to Visual Studio Code - Nexus IQ and OSS Index

By Allen Hsieh on December 04, 2019 Nexus Lifecycle
Introducing the new Nexus IQ integration for VS Code. If you want to understand how we built it, why we built it, and the problems it solves, read on.
Read More...

Nexus Intelligence Insights: CVE-2018-16487 Lodash RCE + 'prototype' pollution

By Elisa Velarde on November 27, 2019 vulnerabilities
In this month's Nexus Intelligence Insights, we're covering CVE-2018-16487: remote code execution and 'prototype' pollution in Lodash and how to protect against a hack of this vulnerable vector.
Read More...