New Nexus Repository Visualizer Provides Insights into Log4j Usage

By Chris Good on December 30, 2021 Nexus Repository

4 minute read time

Vulnerable Log4j components are still in active use. New functionality available for Sonatype's Nexus Repository monitors and helps address these issues.
Read More...

Helping The Open Source Community Find, Fix, and Remediate Log4j

By Ilkka Turunen on December 15, 2021 vulnerabilities

5 minute read time

Assistance to protect the software supply chain from Log4j and other logging vulnerabilities. Open source intel, Pull Request Protection, SBOMs, and more.
Read More...

Why Namespacing Matters in Public Open Source Repositories

By Brian Fox on February 10, 2021 The Central Repository

8 minute read time

Sonatype's CTO explains why the Central Repository has always required namespacing and why all public open source repositories should too, following a new software way supply chain attack.
Read More...

The Central Repository Stands to Support Sailors from Bintray - 3 steps to take now to protect your builds from failing

By Ilkka Turunen on February 08, 2021 The Central Repository

8 minute read time

We've created a practical guide for Bintray users migrating to the Central Repository to follow and ensure that use and distribution of open source components continues smoothly.
Read More...

What Publishers Need to Know About Migrating from JCenter / Bintray to The Central Repository

By Ilkka Turunen on February 08, 2021 The Central Repository

10 minute read time

A step-by-step guide publishers can follow to easily migrate from Bintray/JCenter to The Central Repository
Read More...

Dear Bintray and JCenter Users - Here’s What You Need to Know About The Central Repository

By Brian Fox on February 04, 2021 The Central Repository

3 minute read time

If you're freaking out about moving Java components into The Central Repository, following JFrog sunsetting Bintray, don’t worry. We’re here for you.
Read More...

Sonatype Stops Software Supply Chain Attack Aimed at the Java Developer Community

9 minute read time

Sonatype removed 3 malicious open-source Java components from Maven Central targeting popular software releases, stopping a software supply chain attack.
Read More...

Best-in-Class: Introducing Enhanced OSS Index Data

By Najla Dadmand on September 01, 2020 featured

2 minute read time

Sonatype’s free catalog of open source components and scanning tools for developers, OSS Index, now has more data, improved component choice and better remediation.
Read More...

Beyond npm Audit to Traverse an Increasingly Complex Dependency Tree

By Mike Hoskins on March 04, 2020 npm

5 minute read time

Building good hygiene habits as part of our development practice helps the community at large. Here's how to use Nexus Repository OSS as part of it.
Read More...