Sonatype Delivers Premium Open Source Controls to GitHub | Press Release

Sonatype Blog

We Speak Your Language - New Ecosystems Available in Nexus Lifecycle

By Alyssa Shames on March 12, 2020 | Nexus Lifecycle
Create and contextually enforce custom security, license, and architectural policies across the SDLC. Nexus Lifecycle now includes C/C++, PHP, and Ruby.

Nexus Intelligence Insights: What's in a Ghostcat? CVE-2020-1938 Apache Tomcat - Local File Inclusion Potentially Leads to RCE

By Akshay 'Ax' Sharma on March 09, 2020 | vulnerabilities
Ghostcat manipulates the widely used Apache Tomcat web server. No version of Tomcat released in the last 13 years is immune, unless properly patched.

Celebrating #IWD2020

By Katie McCaskey on March 08, 2020 | devsecops
In celebration of International Women's Day we share some of our favorite pieces produced by, or featuring, women in our industry over the last year.

“Each for Equal”: 2020 International Women’s Day Theme Resonates in DevSecOps Because It Is a Business Issue

By Katie McCaskey on March 06, 2020 | women in devops
Studies demonstrate a variety of immediate and ongoing business advantages accrued by gender diverse teams.

Nexus Innovator: Ken D'Auria of The Hartford

By Katie McCaskey on March 06, 2020 | devops best practices
Ken D'Auria, Director of Engineering at The Hartford, describes a four-part DevSecOps evolution familiar to others building secure applications.

Kill the Restructure, Says Dr. Cherry Vu and Rob England [VIDEO]

By Mark Miller on March 05, 2020 | featured
Culture is an emergent property of the complex work system. It is an output not an input. Change the attitudes and behaviors, then that becomes culture.

Beyond npm Audit to Traverse an Increasingly Complex Dependency Tree

By Mike Hoskins on March 04, 2020 | npm
Building good hygiene habits as part of our development practice helps the community at large. Here's how to use Nexus Repository OSS as part of it.

Sonatype Rolls Out Enhanced JavaScript Scanning, npm Automated Pull Requests & More Free JS Developer Tools

By Kevin Miller on March 03, 2020 | Nexus Lifecycle
Enhanced JavaScript support provides improved accuracy, increased policy control, and faster remediation of open source vulnerabilities across the SDLC.

Four Common Security Acronyms Explained

By DJ Schleen on March 02, 2020 | security
SAST, DAST, CSA, OSSM, SCA? What do these acronyms mean, what exactly do they do, and why does it matter?