Sonatype Introduces Next Generation Dependency Management | Press Release

blog-logo Sonatype Blog

Open Source and Cloud Security Together at Last

By Kevin Miller on November 12, 2020 Nexus Lifecycle
Sonatype and Fugue partner to combine Open Source and Cloud Security and Compliance
Read More...

Nexus Repository Helps Developers Overcome New Docker Hub Rate Limits

By Brent Kostak on November 11, 2020 Docker
Nexus as a Container Registry is a robust and completely free solution to help developers insulate themselves against any upstream rate charges from Docker Hub's new rate limit changes.
Read More...

Discord.dll: successor to npm “fallguys” malware went undetected for 5 months

By Ax Sharma on November 09, 2020 vulnerabilities
Sonatype has identified a series of counterfeit components in the npm ecosystem, Discord.dll, that are similar to the malicious “fallguys” npm package discovered in Sept.
Read More...

Gitpaste-12: A dozen exploits that silently lived on GitHub, attacked Linux servers

By Ax Sharma on November 08, 2020 github
Gitpaste-12, a worming botnet, is extremely versatile in its advanced capabilities as it leverages trustworthy sites like GitHub and Pastebin to host itself.
Read More...

Turkish Banking Agency Mandates Better Software Supply Chain Hygiene

The Banking Regulation and Supervision Agency has introduced new standards to protect the Turkish citizenry and require banks to more aggressively protect customer data, payment information and
Read More...

Trick or treat: that `twilio-npm` package is brandjacking malware in disguise!

By Ax Sharma on November 02, 2020 vulnerabilities
Sonatype’s Release Integrity, malicious code detection service, discovers twilio-npm` is brandjacking malware in disguise.
Read More...

Discord squashes critical Electron bugs: open source attacks continue to grow

By Ax Sharma on October 21, 2020 Nexus Lifecycle
Discord recently patched a set of critical vulns that could allow a skilled attacker to gain Remote Code Execution privileges on the users’ Desktop app.
Read More...

What I Learned from DevSecOps Leaders in a High Tech World

By Sara Budsock on October 16, 2020 devsecops
DevSecOps leaders from FISERV, Sirius XM, NBC Universal, OneTrust, Estée Lauder, PointClickCare, and Micro Focus, share how DevSecOps adoptions is adding value to their organizations.
Read More...

Making Developer’s Lives Easier as We Enter The New Frontier of Dependency Management

By Brian Fox on October 07, 2020 Nexus Lifecycle
Sonatype's Advanced Development Pack will fundamentally change how teams manage code dependencies.
Read More...