Sonatype Blog

How The Unicorn Project Aligns with The Phoenix Project

By Mark Miller on October 18, 2019 books
In this podcast Gene Kim, author of The Phoenix Project, discusses his new book, The Unicorn Project. Gene talks about the overlap in storylines and why he chose to speak for software developers.

Sonatype a Recognized Cybersecurity, DevOps Tech Titan

By Katie McCaskey on October 15, 2019 awards
Sonatype brings home Washingtonian Tech Titan and Cybersecurity Leadership awards at the start of 2019's final quarter.

Nexus Lifecycle Now Integrates with Azure DevOps to Secure Software Supply Chains in the Cloud

By Michelle Dufty on October 11, 2019 Nexus Lifecycle
The Nexus IQ Extension for Azure DevOps scans builds to identify open source security, license, or quality policy violations.

Nexus Intelligence Insights Sonatype-2017-0312: jackson-databind, The End of the Blacklist

By Elisa Velarde on October 10, 2019 vulnerabilities
Our October Nexus Intelligence Insight takes a second look at a popular component that's both a blessing and a curse to developers - jackson-databind.

CocoaPods and Conda in Nexus Repository 3.19

By Brent Kostak on October 02, 2019 Sonatype Nexus
Nexus Repository Manager, the most widely used universal binary repository manager, now features native format support for CocoaPods and Conda.

Nexus Intelligence Insights CVE-2019-15753: OpenStack (os-vif), Denial of Service & Information Exposure

By Elisa Velarde on September 27, 2019 vulnerabilities
In this month's Nexus Intelligence Insights, we're covering CVE-2019-15753: a MAC address aging vulnerability that opens up the potential for a DoS and information exposure attack.

The Dot Zero Conundrum and the New Frontier of Securing Open Source

By Brian Fox on September 24, 2019 code quality
Sonatype is combining a new type of behavioral analysis with machine learning and proprietary data, creating early warning capabilities to detect malicious releases of open source components.

CALMS: A Principle-based DevOps Framework

By Ember DeBoer on September 23, 2019 devops best practices
The CALMS framework for DevOps consists of Culture, Automation, Lean, Measurement, and Sharing.

Win a $100 Gift Card: Take a Brief Survey on Software Composition Analysis

By Shade Solon on September 20, 2019 github
If you are excited about GitHub Actions, and want to understand the open source dependencies in your software, fill out this survey for a chance to win.