New Sonatype Nexus Repository Visualizer provides insights into Log4j usage

By Chris Good on December 30, 2021 featured

4 minute read time

Vulnerable Log4j components are still in active use. New functionality available for Sonatype's Nexus Repository monitors and helps address these issues.
Read More...

Why namespacing matters in public open source repositories

By Brian Fox on February 10, 2021 The Central Repository

8 minute read time

Sonatype's CTO explains why the Central Repository has always required namespacing and why all public open source repositories should too.
Read More...

The Central Repository stands to support sailors from Bintray - three steps to take now to protect your builds from failing

By Ilkka Turunen on February 08, 2021 The Central Repository

8 minute read time

We've created a practical guide for Bintray users migrating to the Central Repository to follow and ensure that use and distribution of open source components.
Read More...

What publishers need to know about migrating from JCenter / Bintray to the Central Repository

By Ilkka Turunen on February 08, 2021 The Central Repository

11 minute read time

A step-by-step guide publishers can follow to easily migrate from Bintray/JCenter to The Central Repository
Read More...

Dear Bintray and JCenter users - Here's what you need to know about the Central Repository

By Brian Fox on February 04, 2021 The Central Repository

3 minute read time

If you're freaking out about moving Java components into The Central Repository, following JFrog sunsetting Bintray, don’t worry. We’re here for you.
Read More...

Sonatype stops software supply chain attack aimed at the Java developer community

9 minute read time

Sonatype removed 3 malicious open-source Java components from Maven Central targeting popular software releases, stopping a software supply chain attack.
Read More...

Best-in-class: Introducing enhanced OSS Index data

By Najla Dadmand on September 01, 2020 featured

2 minute read time

Sonatype’s free catalog of open source components and scanning tools for developers, OSS Index, now has more data, improved component choice and better.
Read More...

Beyond npm Audit to Traverse an Increasingly Complex Dependency Tree

By Mike Hoskins on March 04, 2020 npm

5 minute read time

Building good hygiene habits as part of our development practice helps the community at large. Here's how to use Nexus Repository OSS as part of it.
Read More...

Sonatype Rolls Out Enhanced JavaScript Scanning, npm Automated Pull Requests & More Free JS Developer Tools

By Kevin Miller on March 03, 2020 Nexus Lifecycle

2 minute read time

Enhanced JavaScript support provides improved accuracy, increased policy control, and faster remediation of open source vulnerabilities across the SDLC.
Read More...