Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

SHARE:

Sonatype_Blog_Logo_White
python
READ MORE

How to Easily Identify Conda Vulnerabilities Using Sonatype Jake

By Aditya Khanduri on February 20, 2020 Everything Open Source

6 minute read time

Jake, a free tool, identifies vulnerabilities in a Conda environment. It's simple to use, saves time, and empowers you to develop Python projects faster.
Read More...
GettyImages-638966228
READ MORE

The Central Repository is moving to HTTPS

By Terry Yanko on December 20, 2019 central maven repository

3 minute read time

Beginning January 15, 2020 The Central Repository will no longer support communication over HTTP. We are moving to HTTPS to ensure greater security.
Read More...
GettyImages-1037984544
READ MORE

New Integration to Visual Studio Code - Nexus IQ and OSS Index

By Allen Hsieh on December 04, 2019 Nexus Lifecycle

4 minute read time

Introducing the new Nexus IQ integration for VS Code. If you want to understand how we built it, why we built it, and the problems it solves, read on.
Read More...
GettyImages-1139164499
READ MORE

Removing Search Guard from the Central Repository

By Brian Fox on September 11, 2019 The Central Repository

2 minute read time

Due to an intellectual property dispute between two third parties, Sonatype is legally required to remove disputed artifacts related to Search Guard from the.
Read More...
GettyImages-924143546
READ MORE

How a Surf Loving Aussie Developed Sonatype’s Most Popular Extension

By Katie McCaskey on August 02, 2019 plugin

3 minute read time

The origin story of the Nexus Chrome plugin, which starts with Sonatyper Cameron Townshend on the beaches of Australia. It is now used worldwide.
Read More...
GettyImages-1029087644
READ MORE

Say Hello to Our New GitLab Integration

By Sonal Thawani on May 08, 2019 devsecops

2 minute read time

Nexus Lifecycle now integrates with GitLab CI, bringing precise open source intelligence to GitLab users.
Read More...
GettyImages-913430902
READ MORE

Using Webhooks to Integrate Nexus Lifecycle with Red Hat Quay - Part 2

By Curtis Yanko on May 07, 2019 Red Hat

3 minute read time

How to add security to your CI/CD pipeline quickly with Nexus Lifecycle, Red Hat Quay, and Twistlock, all without disrupting ongoing development.
Read More...
GettyImages-932084794
READ MORE

Using Webhooks to Integrate Nexus Lifecycle with Red Hat Quay - Part 1

By Curtis Yanko on May 07, 2019 Red Hat

3 minute read time

How to use Webhooks to integrate Red Hat's Quay into Sonatype's Nexus Lifecycle for devsecops and container security in Docker.
Read More...
GettyImages-179140657
READ MORE

Getting Started With Sonatype DepShield: An Introduction

By Casey Dunham on May 06, 2019 github

8 minute read time

Sonatype’s GitHub application DepShield scans your GitHub repository and analyzes dependencies for known vulnerabilities. The best part is that it’s free!
Read More...