Are You Still Wondering About Dependency Confusion Attacks?

By Luke Mcbride on June 03, 2021 featured
Despite positive legislation and standards, open source software supply chains remain vulnerable to dependency confusion attacks that impersonate legitimate namespaces.

Securing Software Supply Chains and Dependency Confusion — An Industry Perspective

By Derek Weeks on March 08, 2021 featured
We sat down with experts from The Linux Foundation, Atlantic Council and Sonatype's own CTO to discuss recent software supply chain attacks, dependency confusion and security concerns.

Sonatype Releases New Nexus Firewall Policy to Secure Software Supply Chains from "Dependency Confusion" Attacks

By Brent Kostak on March 04, 2021 Nexus Firewall
Sonatype's new Dependency Confusion Policy Protection, using Nexus Firewall and Nexus Repository, can now automate dependency confusion protection at scale.

PyPI and npm Flooded with over 5,000 Dependency Confusion Copycats

By Ax Sharma on March 03, 2021 vulnerabilities
Both PyPI and npm are being inundated with malicious dependency confusion packages.