
This npm Package Could Have Brought Down Cloudflare’s Entire CDN and Millions of Websites

By Ax Sharma on July 16, 2021 | vulnerabilities
Cloudflare has patched a critical vulnerability in its open source content delivery network, CDNJS, that threatened the security, integrity, and availability of the wider supply chain.

Kaseya Ransomware: a Software Supply Chain Attack or Not?

By Matt Howard on July 06, 2021 | vulnerabilities
As companies scramble to address and resolve this devastating attack, we look at what makes a supply chain and what it takes to address upstream attacks.

DevOps Made of Steel

By Phil Vuollet on June 29, 2021 | Nexus Lifecycle
Security Analysts from U.S. Steel Corporation spoke at Sonatype's ELEVATE 2021, sharing their DevOps story and where Nexus Repository and Nexus Lifecycle fit into the journey.

What Does NIST’s Definition of Critical Software Mean to You?

By Matt Howard on June 28, 2021 | government
NIST's definition of Critical Software in relation to the 2021 Cybersecurity Executive Order may seem broad, but its immediate implementation is limited.

How Does Securing the Software Supply Chain Fit the DoD CIO Zero Trust Architecture?

Curious how the DoD Zero Trust Architecture relates to secure development and protecting your software supply chain? We're breaking that down for you.

Sonatype Catches New PyPI Cryptomining Malware

By Ax Sharma on June 21, 2021 | vulnerabilities
Sonatype has identified new malicious typosquatting packages infiltrating the PyPI repository that secretly pull in cryptominers.

3-2-1, Lift off! It’s Time to Elevate Your Development with Sonatype Lift

By Kevin Miller on June 15, 2021 | code quality
Sonatype Lift is a new, cloud-native platform that enables developers to find and fix performance, reliability, and security bugs during code review.

Open Source Attacks on the Rise: Top 8 Malicious Packages Found in npm

By Ax Sharma on June 08, 2021 | featured
We're rounding up the top 8 malicious cyber attacks on npm that Sonatype has discovered with its next-gen open source security and malware detection tool.

Are You Still Wondering About Dependency Confusion Attacks?

By Luke Mcbride on June 03, 2021 | featured
Despite positive legislation and standards, open source software supply chains remain vulnerable to Dependency Confusion attacks that impersonate legitimate namespaces.