Sonatype Selected by Equifax to Support OS Governance Press Release

blog-logo Sonatype Blog

Malicious Attacks On Open Source Are Going to Get Worse: Developers Need to Take Notice

By Sonal Thawani on April 19, 2019 vulnerability
Bad actors have recognized the power of open source and are now beginning to create their own attack opportunities. This new form of assault, allowing hackers to poison the well, is going to get
Read More...

Operating Without an OSS License? That Could Be Dangerous!

By Derek Weeks on April 17, 2019 Nexus Lifecycle
The intent of OSS licensing is to to make sure software can remain open source and freely used. But, some licenses contain requirements that could conflict with your business objectives - it's
Read More...

Sonatype and HackerOne eliminate the pain of reporting open source software vulnerabilities

By Bruce Mayhew on March 21, 2019 Everything Open Source
Sonatype has teamed up with HackerOne to build The Central Security Project, a pioneering program that brings together the ethical hacker and open source communities to streamline the process for
Read More...

Vor Security brings OSS Index to Sonatype

By Brian Fox on June 29, 2017 vulnerability
Vor Security acquisition, extended language coverage, ossindex.net
Read More...

[Part 3] Code, Cars, and Congress: A Time for Cyber Supply Chain Management

[Part 3] Code, Cars, and Congress: A Time for Cyber Supply Chain Management
Read More...

[Part 2] Code, Cars, and Congress: A Time for Cyber Supply Chain Management

[Part 2] Code, Cars, and Congress: A Time for Cyber Supply Chain Management
Read More...

Code, Cars, and Congress: A Time for Cyber Supply Chain Management

Code, Cars, and Congress: A Time for Cyber Supply Chain Management
Read More...

Rubyists Rejoice - Nexus Supports RubyGem Repositories

By Brian Fox on December 01, 2014 nexus pro
Rubyists Rejoice - Nexus Supports RubyGem Repositories
Read More...