
Sonatype Blog

Nexus on the Ascent

By Brent Kostak on September 23, 2020 Nexus vs. Artifactory
Preferred 2:1 over JFrog Artifactory, Nexus Repository is stronger and more forward-thinking than ever.

Announcing the NeuVector & Sonatype Nexus Lifecycle Integration: Securing Containers Across the SDLC

By Alyssa Shames on September 16, 2020 Nexus Lifecycle
Sonatype's new integration between NeuVector and Nexus Lifecycle combines NeuVector's open source detection and mitigation capabilities at the container application, operating system, and runtime

Nexus as a Container Registry

By Brent Kostak on September 09, 2020 Nexus Repository
Say hello to Nexus as a Container Registry! Built on enterprise storage capabilities, Nexus Repository is a robust package registry for all of your Docker images and Helm Chart repositories.

Inside the “fallguys” malware that steals your browsing data and gaming IMs; Continued attack on open source software

By Akshay 'Ax' Sharma on September 02, 2020 vulnerabilities
This weekend a malicious component called “fallguys” was discovered on npm impersonating an API for the widely popular video game, Fall Guys: Ultimate Knockout. Its actual purpose, however, was

Best-in-Class: Introducing Enhanced OSS Index Data

By Najla Dadmand on September 01, 2020 featured
Sonatype’s free catalog of open source components and scanning tools for developers, OSS Index, now has more data, improved component choice and better remediation.

From Prototype Pollution to full-on remote code execution, how can adversaries exploit npm modules?

By Akshay 'Ax' Sharma on August 19, 2020 vulnerabilities
August's Nexus Intelligence Insight looks at the NodeJS component express-fileupload which now has a critical Prototype Pollution vulnerability.

Introducing our 2020 State of the Software Supply Chain Report

By Derek Weeks on August 12, 2020 Software Supply Chains
Sonatype's 2020 State of the Software Supply Chain Report shows that faster innovation and better risk management do not have to be mutually exclusive.

CVE-2020-17479: The return of Validation Bypass (CVE-2019-19507) in `jpv`

While updating our data for CVE-2020-17479 in JPV, an open-source JSON schema validator, we discovered that the vulnerability could still be exploited with the existing fix in place, creating

Hitting the Trifecta with GitLab Automated Merge Requests

By Kevin Miller on August 11, 2020 Nexus Lifecycle
Say hello to GitLab automated merge requests. Developers can now leverage Nexus Intelligence's precision to provide expert remediation guidance in GitLab.