Sonatype Delivers Premium Open Source Controls to GitHub | Press Release

blog-logo Sonatype Blog

How to Easily Identify Conda Vulnerabilities Using Sonatype Jake

By Aditya Khanduri on February 20, 2020 Everything Open Source
Jake, a free tool, identifies vulnerabilities in a Conda environment. It's simple to use, saves time, and empowers you to develop Python projects faster.
Read More...

Helm & Nexus: Steering Towards Faster Deployments in Nexus 3.21

By Brent Kostak on February 19, 2020 The Central Repository
Nexus Repository 3.21 now supports Helm, P2, and NuGet V3 proxy repositories to enhance container automation and provide faster deployments.
Read More...

Get the Latest DevSecOps Reference Architecture

By DJ Schleen on February 13, 2020 reference architecture
Based on community feedback the 2020 DevSecOps Reference Architecture now includes continuous education, mobile delivery, and rearrangement of controls.
Read More...

Nexus Intelligence Insights CVE-2020-2100: Jenkins - UDP Amplification Reflection Attack Leading to Distributed Denial of Service (DDoS)

By Akshay 'Ax' Sharma on February 12, 2020 vulnerabilities
CVE-2020-2100 takes advantage of the fact that, by default, both UDP multicast/broadcast and DNS multicast traffic is enabled on Jenkins. Here's what to do.
Read More...

The “Big Hack” That Actually Happened - Chinese Military Implicated in Equifax Breach

By Matt Howard on February 11, 2020 vulnerabilities
Members of the Chinese Military were implicated in the attack on Equifax's software supply chain. It's time to take software supply chain hygiene seriously.
Read More...

Three DevSecOps Lessons Drawn from Conversations with 45 CISOs

By Matt Howard on January 29, 2020 CISO
CISOs reduce risk and significantly improve an organization's IT security posture by shifting more resources to the beginning of the digital supply chain.
Read More...

Nexus Innovator: David Radford-Grant of Achievers

By Katie McCaskey on January 16, 2020 devops best practices
Months of outages. Sure, support was available -- if the boss agreed to pay 10x more. Here's how one man fixed both issues using Nexus Repo Pro.
Read More...

Nexus Intelligence Insights: Sonatype-2020-0003 - npm malicious package 1337qq-js

By Elisa Velarde on January 15, 2020 vulnerabilities
In this month's Nexus Intelligence Insights, we cover Sonatype-2020-0003: npm malicious package 1337qq-js. Here's why it made noise but had no impact.
Read More...

How to Get Started With Nexus Repository Manager OSS

By Omkar Hiremath on January 14, 2020 Nexus Repository
Repository managers play an important role in software development. Learn how to use Nexus Repository Manager OSS to optimize package storage.
Read More...