How to Manage Your Open Source Licenses in 2022

By Luke Mcbride on June 02, 2022 licenses

6 minute read time

Development teams use openly licensed software throughout their process, and lots of it. To comply with the obligations those licenses impose, you need license management tools.
Read More...

Wicked Good Development: Dev Nexus Reflections and Conversations Part 2

By Kadi Grigg on May 31, 2022 podcast

22 minute read time

From a discussion at Devnexus 2022, a varied conversation about development and open source security from an open source maintainer and contributor.
Read More...

Wicked Good Development: Dev Nexus Reflections and Conversations Part 1

By Kadi Grigg on May 31, 2022 Community

19 minute read time

At our roundtable discussion at Devnexus 2022, we get a chance to interview two more developers who contribute to the open source community.
Read More...

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

By Ax Sharma on May 24, 2022 vulnerabilities

5 minute read time

Popular Python package 'ctx', which is downloaded over 22,000 times weekly from the PyPI registry, has been compromised and now steals environment variables. Additionally, a forked PHP project 'phpass' also
Read More...

New 'pymafka' malicious package drops Cobalt Strike on macOS, Windows, Linux

By Ax Sharma on May 20, 2022 vulnerabilities

5 minute read time

The 'pymafka' PyPI package is filled with trojans targeting Windows, macOS & Linux users and appears to typosquat the popular PyKafka, a programmer-friendly Apache Kafka client for Python.
Read More...

This Week in Malware—Malicious Rust crate, 'colors' typosquats

By Ax Sharma on May 14, 2022 vulnerabilities

6 minute read time

From a malicious Rust typosquat found in the crates[.]io repository to ongoing typosquatting attacks on the 'colors' library, the OSS security problem hasn't gone away just yet.
Read More...
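Both the 'pymafka' post and this week's roundup describe typosquats: malicious packages whose names sit one or two keystrokes away from a popular library. The check below is an added example, not code from the Sonatype posts, and it works for any name-based registry the same way. It parses a requirements file, normalises each name the way PyPI does (PEP 503), and flags any name that is not on an approved list but is within a small edit distance of one. The approved list and the sample requirements are constructed for illustration; 'pymafka' and 'pykafka' are the real names from the post above, 'requets' is a made-up look-alike added to exercise the check.

```python
"""Flag dependency names that look like typosquats of packages already trusted.

Added example (not from the posts above). TRUSTED and SAMPLE_REQUIREMENTS are
constructed; in practice TRUSTED would be your organisation's approved list.
"""
from __future__ import annotations

import re
from typing import Optional

# Constructed allowlist of packages the team has approved (assumption).
TRUSTED = {"pykafka", "requests", "numpy", "urllib3", "colorama"}

# Constructed requirements file. 'pymafka' is the typosquat named in the post;
# 'requets' is a made-up look-alike of 'requests' to exercise the check.
SAMPLE_REQUIREMENTS = """\
pykafka==2.8.0
pymafka
requets>=2.0
urllib3==1.26.9
numpy
# pinned transitive deps go below this line
"""


def normalize(name: str) -> str:
    """PEP 503 name normalisation: case-insensitive, runs of -_. become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def parse_requirements(text: str) -> list[str]:
    """Extract normalised project names from requirements.txt-style text."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)", line)
        if m:
            names.append(normalize(m.group(1)))
    return names


def suspicious(name: str, trusted=TRUSTED, max_distance: int = 2) -> Optional[str]:
    """Return the trusted package `name` resembles, or None.

    A name that is itself trusted is never flagged; an unknown name is flagged
    only when it lies within `max_distance` edits of some trusted name.
    """
    name = normalize(name)
    if name in trusted:
        return None
    best = None
    for t in sorted(trusted):                   # sorted for determinism
        d = levenshtein(name, t)
        if d <= max_distance and (best is None or d < best[0]):
            best = (d, t)
    return best[1] if best else None


def audit(text: str) -> dict[str, str]:
    """Map each look-alike name in `text` to the trusted name it resembles."""
    findings = {}
    for n in parse_requirements(text):
        target = suspicious(n)
        if target:
            findings[n] = target
    return findings


if __name__ == "__main__":
    for bad, good in audit(SAMPLE_REQUIREMENTS).items():
        print(f"{bad!r} is not approved but is within 2 edits of {good!r}")
```

A distance threshold of 2 catches single-character swaps, drops and insertions without flagging every short name; tune it, or add a length-relative rule, if your approved list contains many short names that collide with each other.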

A Clear Path Forward Toward More Secure and Maintainable Open Source Software

By Brian Fox on May 13, 2022 featured

7 minute read time

Sonatype CTO shares thoughts following conversations, led by OpenSSF, where industry and government came together to discuss securing open source software.
Read More...

Take Control of Your InnerSource Components with InnerSource Insight

By Chris Good on May 11, 2022 Nexus Lifecycle

7 minute read time

InnerSource Insight, an industry-first capability, makes it easier and safer for developers to use components developed by others in their organization.
Read More...

This Week in Malware—Apache Kafka typosquats, shorthand data exfiltration

By Ax Sharma on May 06, 2022 vulnerabilities

4 minute read time

This Week In Malware—May 6th edition: Apache Kafka typosquat, and a simple distraction technique.
Read More...