Skip Navigation
Book a Demo
Book a Demo

Featured Article

Unlocking the power of generative AI in software development: Insights from Sonatype's survey

By Aaron Linskens on September 12, 2023 Software Supply Chain

Explore the influence of generative AI in software development via the results of Sonatype's recent survey involving 400 DevOps and 400 SecOps leaders

Read More

SHARE:

Sonatype_Blog_Logo_White
READ MORE

npm manifest confusion – What is it and do you really need to worry about it?

By Ax Sharma on June 28, 2023 npm

4 minute read time

npm manifest confusion – what is it and do you really need to worry about it?
Read More...
READ MORE

Rule Over Your Dependencies and Scan at Your Own Open Source Risk

By Aaron Linskens on September 13, 2022 vulnerabilities

5 minute read time

A good way to make sure that your organization's vulnerabilities don't go unnoticed is conducting regular scans of open source used in your environments.
Read More...
Question marks on a chalkboard
READ MORE

Why Are Dependency Confusion Attacks Not Going Away?

By Ax Sharma on February 09, 2022 dependencies

4 minute read time

Sonatype has caught more than 63,000 suspicious packages, the majority of which are dependency confusion candidates. Why are these attacks not going away?
Read More...
GettyImages-530418574
READ MORE

PyPi 'Cheese Shop' Malware Illustrates Software Supply Chain Risk Vector

By Katie McCaskey on July 22, 2019 dependency injection

3 minute read time

Malicious actors circumvented the PyPI package repo manager, a classic case demonstrating why understanding open source code dependencies is critical.
Read More...
READ MORE

How not to download the Internet

By Tim OBrien on April 19, 2011 Nexus Repo Reel

3 minute read time

How not to download the Internet
Read More...
READ MORE

Adding Dependencies Using m2eclipse

By Heather Loney on March 10, 2010 repository

1 minute read time

Adding Dependencies Using m2eclipse
Read More...