
Popular npm Project Used by Millions Hijacked in Supply-Chain Attack

By Ax Sharma on October 25, 2021 vulnerabilities
Companies are assessing impact from compromise of a popular npm project that may have introduced cryptominers and password stealers into their systems.

Newly Found npm Malware Mines Cryptocurrency on Windows, Linux, macOS Devices

Sonatype’s automated malware detection system has caught multiple malicious packages on the npm registry this month.

A Non-Programmer Introduction to the Software Supply Chain (Electron)

By Luke Mcbride on October 14, 2021 Software Supply Chain
Connecting the software industry's broad use of component programs to something most people have on their machine right now: the Electron Framework.

Software Supply Chains: an Introductory Guide

By Luke Mcbride on October 08, 2021 Open Source
Take a closer look at the software supply chain, including what it contains, why it’s important, and how to protect it from vulnerabilities.

Apache Servers Actively Exploited in the Wild, and the Importance of Prompt Patching

By Ax Sharma on October 05, 2021 vulnerabilities
A new Apache vulnerability exploited in the wild is the result of incomplete path normalization logic.

What is a Software Bill of Materials (SBOM)?

By Justin Reynolds on September 27, 2021 software bill of materials
A deep dive into a Software Bill of Materials with top use cases, benefits, and ways to manage.

Azure DevOps Integration Now Available for Nexus Lifecycle

By Kevin Miller on September 23, 2021
In addition to our existing integration with the GitHub, GitLab, and Bitbucket services, Nexus Lifecycle now integrates into Azure DevOps.

$3 Million Cryptocurrency Heist Stemmed from a Malicious GitHub Commit

By Ax Sharma on September 20, 2021 vulnerabilities
Cryptocurrency site loses funds after supply chain attack. A look at what happened, this time due to poor Git security policy.

OMIGOD! Microsoft Secretly Installed an Open Source Agent with Critical Vulnerabilities on Thousands of Linux VMs

By Ax Sharma on September 17, 2021 vulnerabilities
Microsoft released patches for critical vulnerabilities in its Open Management Infrastructure (OMI) software agent which had been silently installed on Azure Linux VMs.