One in Six Developers in Healthcare Report Open Source Breaches | Press Release

Sonatype Blog

Activate Your Shield Against Open Source Invasions

By Katie McCaskey on August 09, 2019 open source management
Mike Van Doren, Sonatype Solution Architect, identifies the infinity stones that grant superpowers in the Nexus ecosystem.

NIST Proposes Standards to Secure Government SDLC

NIST has proposed a set of standards to address the growing need for better software security. Public comment is open until August 5, 2019.

Top 5 Tomcat Vulnerabilities

By Sylvia Fronczak on June 12, 2019 vulnerability
If you spend time monitoring and patching OSS projects, you know Tomcat has some vulnerabilities. Today, Tomitribe walked us through 5 of those vulnerabilities.

Malicious Attacks On Open Source Are Going to Get Worse: Developers Need to Take Notice

By Sonal Thawani on April 19, 2019 vulnerability
Bad actors have recognized the power of open source and are now beginning to create their own attack opportunities. This new form of assault, allowing hackers to poison the well, is going to get

Operating Without an OSS License? That Could Be Dangerous!

By Derek Weeks on April 17, 2019 Nexus Lifecycle
The intent of OSS licensing is to make sure software can remain open source and freely used. But, some licenses contain requirements that could conflict with your business objectives - it's

Sonatype and HackerOne eliminate the pain of reporting open source software vulnerabilities

By Bruce Mayhew on March 21, 2019 Everything Open Source
Sonatype has teamed up with HackerOne to build The Central Security Project, a pioneering program that brings together the ethical hacker and open source communities to streamline the process for

How to Deploy the Artifacts of a Project to Nexus, with Maven

By Eugen Paraschiv on January 03, 2018 spring
How to deploy the artifacts of a project to Nexus, with Maven. By default, Maven handles the deployment mechanism via the maven-deploy-plugin.

GDPR and OSS. How Are They Linked and Why Should You Care?

By Ryan Sheldrake on November 29, 2017 Everything Open Source
GDPR and OSS. How are they linked and why should you care?

Vor Security brings OSS Index to Sonatype

By Brian Fox on June 29, 2017 vulnerability
Vor Security acquisition, extended language coverage, ossindex.net