Sonatype Unveils Full-Spectrum Software Supply Chain Management | Press Release

Biden Executive Order on Cybersecurity Calls for Enhanced Software Supply Chain Security

Biden's Cybersecurity Executive Order mandates software supply chain security and secure development practices, including creating a software bill of materials for all applications.

Slaying the Dragon of OSS Legal Compliance with the Advanced Legal Pack

By Dariush Griffin on May 04, 2021 Nexus Lifecycle
Open source can come with a plethora of legal obligations. Manual reviews can take hundreds of hours for 1 app. The Advanced Legal Pack automates that process, giving developers and legal teams their

Top 5 Reasons to join Sonatype’s 2021 DevSecOps Leadership Forum

By Sara Budsock on April 27, 2021 Events and Webinars
Join us on May 4 for real stories and tangible best practices from 8 DevSecOps experts on both sides of the development and security aisle.

Onboarding Nexus Lifecycle Through SCM

By Kevin Miller on April 22, 2021 Nexus Lifecycle
We're simplifying the Nexus Lifecycle onboarding process, and making it easy to quickly onboard apps from a source control repository such as GitHub, GitLab, and Bitbucket.

How We're Staying Connected with Our Channel Partners in a Virtual World

By Ashleigh Auld on April 22, 2021 featured
As part of our channel partner kickoff, we asked partners to share part of their country's culture in video, to bring us all a little closer in today's virtual world.

What You Need to Know about the Codecov Incident: A Supply Chain Attack Gone Undetected for 2 Months

By Ax Sharma on April 19, 2021 vulnerabilities
A new software supply chain attack on software testing firm Codecov highlights why developers need to take an active role in protecting their systems.

Damaging Linux & Mac Malware Bundled within Browserify npm Brandjack Attempt

By Ax Sharma on April 13, 2021 vulnerabilities
New malware exists in a brandjacking npm package called web-browserify that imitates the legitimate browserify component.

Meet the Developers Behind Sonatype’s Automated Malware Detection System Securing Open Source Supply Chains

By Ax Sharma on April 08, 2021 vulnerabilities
Meet the principal software engineers behind Sonatype's automated malware detection system, Release Integrity.

Netmask Flaw Leaves Millions Vulnerable While a PHP Git Server is Hacked in Software Supply Chain Attack

By Ax Sharma on March 29, 2021 vulnerabilities
2 critical software supply chain attacks were uncovered today. An improper input validation vulnerability in the npm component netmask and an attack on PHP’s Git server.