Skip Navigation
Book a Demo
Book a Demo

Featured Article

Top 10 open source projects hit by HTTP/2 'Rapid Reset' zero-day

By Ax Sharma on October 12, 2023 vulnerability

Discover ten open source packages affected by the HTTP/2 Rapid Reset vulnerability, disclosed by Cloudflare this week

Read More

SHARE:

Sonatype_Blog_Logo_White
Red markers among the building blocks of open source
READ MORE

New Nexus Repository Visualizer Provides Insights into Log4j Usage

By Chris Good on December 30, 2021 Nexus Repository

4 minute read time

Vulnerable Log4j components are still in active use. New functionality available for Sonatype's Nexus Repository monitors and helps address these issues.
Read More...
Developers working on Log4j issues
READ MORE

Helping The Open Source Community Find, Fix, and Remediate Log4j

By Ilkka Turunen on December 15, 2021 vulnerabilities

5 minute read time

Assistance to protect the software supply chain from Log4j and other logging vulnerabilities. Open source intel, Pull Request Protection, SBOMs, and more.
Read More...
The importance of Namespacing in Public Open Source Repositories
READ MORE

Why Namespacing Matters in Public Open Source Repositories

By Brian Fox on February 10, 2021 The Central Repository

8 minute read time

Sonatype's CTO explains why the Central Repository has always required namespacing and why all public open source repositories should too.
Read More...
READ MORE

The Central Repository Stands to Support Sailors from Bintray - 3 steps to take now to protect your builds from failing

By Ilkka Turunen on February 08, 2021 The Central Repository

8 minute read time

We've created a practical guide for Bintray users migrating to the Central Repository to follow and ensure that use and distribution of open source components continues smoothly.
Read More...
Migrating from Bintray to the Central Repository
READ MORE

What Publishers Need to Know About Migrating from JCenter / Bintray to The Central Repository

By Ilkka Turunen on February 08, 2021 The Central Repository

10 minute read time

A step-by-step guide publishers can follow to easily migrate from Bintray/JCenter to The Central Repository
Read More...
Moving Java components into The Central Repository, following JFrog sunsetting Bintray and JCenter
READ MORE

Dear Bintray and JCenter Users - Here’s What You Need to Know About The Central Repository

By Brian Fox on February 04, 2021 The Central Repository

3 minute read time

If you're freaking out about moving Java components into The Central Repository, following JFrog sunsetting Bintray, don’t worry. We’re here for you.
Read More...
software supply chain attack on Java developer community thwarted
READ MORE

Sonatype Stops Software Supply Chain Attack Aimed at the Java Developer Community

9 minute read time

Sonatype removed 3 malicious open-source Java components from Maven Central targeting popular software releases, stopping a software supply chain attack.
Read More...
OSS Index Update
READ MORE

Best-in-Class: Introducing Enhanced OSS Index Data

By Najla Dadmand on September 01, 2020 featured

2 minute read time

Sonatype’s free catalog of open source components and scanning tools for developers, OSS Index, now has more data, improved component choice and better remediation.
Read More...
READ MORE

Beyond npm Audit to Traverse an Increasingly Complex Dependency Tree

By Mike Hoskins on March 04, 2020 npm

5 minute read time

Building good hygiene habits as part of our development practice helps the community at large. Here's how to use Nexus Repository OSS as part of it.
Read More...