Getting started with the Secure Software Development Framework (SSDF)

6 minute read time

Discover how to get started with the Secure Software Development Framework (SSDF), what it contains, and why you should leverage it.

How to use Repository Health Check 2.0

By Sonatype on July 21, 2023 repository health check

3 minute read time

How to install RHC 2.0 in the Sonatype Nexus Repository.

Cyber Resilience Act: The future of software in the European Union

6 minute read time

Discover what the EU Cyber Resilience Act entails and what the consequences might be for open source and for software development overall.

“Quoi...? feur” from meme to malware – PyPI package targets Windows with ‘NullRAT’ info-stealer

By Ax Sharma on July 17, 2023 PyPI

3 minute read time

A malicious PyPI package called ‘feur’ was caught by Sonatype’s automated malware detection systems.

A closer look: Differentiating software vulnerabilities and malware

By Aaron Linskens on July 11, 2023 vulnerabilities

7 minute read time

Vulnerabilities and malware in open source software pose significant threats to the security and integrity of your software supply chain.

npm manifest confusion – What is it and do you really need to worry about it?

By Ax Sharma on June 28, 2023 npm

4 minute read time

npm manifest confusion – what is it and do you really need to worry about it?

How to measure the maturity of your software supply chain

6 minute read time

Learn how to measure the maturity of your software supply chain and leverage a maturity framework for more secure and reliable software.

PyPI attackers still at it: Malicious packages drop trojans and info-stealers

By Ax Sharma on June 22, 2023 vulnerability

3 minute read time

Sonatype's malicious open source and malware detection systems found hundreds of malicious PyPI packages.

Sonatype named a leader in The Forrester Wave™ for software composition analysis

By Tara Flynn Condon on June 15, 2023 Forrester

3 minute read time

The Sonatype platform named a Leader in the 2023 Forrester Wave for SCA.