Featured Article

CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma

By Ilkka Turunen on April 01, 2024 Software Supply Chain

Learn about a new, targeted backdoor supply chain attack against the popular XZ compression utility seen in many Linux distributions such as fedora and debian. Understand its impact, potential risks

Read More

SHARE:

Sonatype_Blog_Logo_White
READ MORE

Workflow automation: Publishing artifacts to Sonatype Nexus Repository using Jenkins Pipelines

By Dmitriy Akulov on June 12, 2020 AppSec

8 minute read time

Use Sonatype Nexus Repository to create an automated workflow to build, store, organize, and monitor the compiled Maven artifacts through a CI server.
Read More...
READ MORE

Can Kubernetes keep a secret?

By Daniel Longest on June 10, 2020 AppSec

4 minute read time

Kubernetes Secrets store usernames and passwords as base-64 encoded strings. They are obscured from casual browsing, but this is the same as plaintext.
Read More...
READ MORE

How to publish Docker images on a private Sonatype Nexus Repository using Jib Maven plugin

By Awkash Agrawal on June 08, 2020 AppSec

4 minute read time

Learn how to publish Docker images to a private Nexus repository with the help of the Maven Jib plugin.
Read More...
READ MORE

Smart teams use Atlassian and Sonatype to plan development work

By Kevin Miller on June 05, 2020 JIRA

3 minute read time

Shift open source governance into daily ticketing workflows. Teams can quickly assess risk and plan code fixes using Nexus Lifecycle and Jira Software.
Read More...
documentation
READ MORE

Using a software bill of materials (SBOM) is going mainstream

3 minute read time

Crazy: OWASP A9 is about to turn seven and the DevSecOps Community Survey shows less than half of organizations can produce a Software Bill of Materials.
Read More...
READ MORE

DevOps assurance with OWASP SAMM

By Guillermo Salazar on June 02, 2020 OWASP

4 minute read time

SAMM v2 follows three levels of maturity. Maturity levels 1 through 3 are similar to what, in other models, are known as crawling, walking, and running.
Read More...
READ MORE

Update: 21 SaltStack breaches with 2,900 still vulnerable

By Derek Weeks on May 31, 2020 vulnerabilities

7 minute read time

When a vulnerability is announced in an open source project, ask immediately: have we ever used that open source component, and (if yes) where is it?
Read More...
group discussion
READ MORE

Real Talk: What Users Really Look For in a Software Composition Analysis (SCA) Solution

By Alyssa Shames on May 12, 2020 AppSec

4 minute read time

Real users explain what you should demand from your SCA tools, including visibility through an SBOM, continuous monitoring, and the ability to scan apps.
Read More...
READ MORE

The Science of Compliance: Early Code to Secure Your Node

By Carlos Schults on April 27, 2020 Compliance

4 minute read time

Compliance testing can—and should—be done at all stages of your CI process. Watch your test tool – there can be false positives as well as false negatives.
Read More...