Sonatype Unveils Full-Spectrum Software Supply Chain Management | Press Release

Newly Found npm Malware Mines Cryptocurrency on Windows, Linux, macOS Devices

Sonatype’s automated malware detection system has caught multiple malicious packages on the npm registry this month.

Apache Servers Actively Exploited in the Wild, and the Importance of Prompt Patching

By Ax Sharma on October 05, 2021 vulnerabilities
A new Apache vulnerability exploited in the wild is the result of incomplete path normalization logic.

2021 State of the Software Supply Chain: Open Source Security and Dependency Management Take Center Stage

As Open Source Continues to Fuel Digital Transformation, Sonatype's 2021 Software Supply Chain Report Reveals Important Trends

Cyber Mayhem - Attackers Actively Exploit Vulnerable Confluence Servers, while 500,000 Fortinet VPNs See Passwords Leaked

By Ax Sharma on September 13, 2021 vulnerabilities
Last week severe zero-days in Atlassian Confluence, Fortinet devices, and Microsoft Office all needed patching following active exploits.

Forrester Recognizes Sonatype as a Leader in Software Composition Analysis

By Brent Kostak on September 10, 2021 Forrester
Sonatype recognized as a leader in 2021 Forrester Wave on SCA with the strongest market presence and top policy management criterion.

Cloud Security Concerns in 2021

By Kevin Miller on August 05, 2021 cloud
Cloud environments are growing in complexity, and challenging those responsible for keeping environments secure. We partnered with Fugue to uncover how cloud security professionals are handling the

What Constitutes a Software Supply Chain Attack?

By Ax Sharma on August 03, 2021 vulnerabilities
ENISA feels the term software supply chain attack is overused, so what does constitute a supply chain attack?

JavaScript Scanning Now Supported in JetBrains IDEs: IntelliJ IDEA, WebStorm, and More

By Kevin Miller on July 30, 2021 Nexus Lifecycle
The Sonatype Nexus platform now evaluates and analyzes JavaScript/Node components directly in IntelliJ IDEA.

This npm Package Could Have Brought Down Cloudflare’s Entire CDN and Millions of Websites

By Ax Sharma on July 16, 2021 vulnerabilities
Cloudflare has patched a critical vulnerability in its open source content delivery network, CDNJS, that threatened the security, integrity, and availability of the wider supply chain.