Sonatype Blog

CVE-2020-17479: The return of Validation Bypass (CVE-2019-19507) in `jpv`

While updating our data for CVE-2020-17479 in JPV, an open-source JSON schema validator, we discovered that the vulnerability could still be exploited with the existing fix in place, creating

Hitting the Trifecta with GitLab Automated Merge Requests

By Kevin Miller on August 11, 2020 Nexus Lifecycle
Say hello to GitLab automated merge requests. Developers can now leverage Nexus Intelligence's precision to provide expert remediation guidance in GitLab.

Nexus Intelligence Insights: CVE-2020-13935 - Apache Tomcat Websocket - Denial of Service (DoS)

By Ax Sharma on July 29, 2020 vulnerabilities
July’s Nexus Intelligence Insight takes a deep dive into a Denial of Service (DoS) vulnerability impacting the popular Apache Tomcat Websocket component.

New in Nexus Repository 3.25: How Do I Switch to NuGet V3?

By Brent Kostak on July 16, 2020 Nuget
Nexus Repository 3.25 is live! It provides complete support for NuGet V3 repositories, including new Group repos, and gives access to the updated V3 API.

Find and Fix Vulnerabilities in Seconds using GitHub PR Reviews with Line Comments

By Kevin Miller on July 07, 2020 github
Pull Request line comments highlight code that introduces a policy violation. This gives developers the information needed to remediate security risks.

Trust and Courage are Essential to a Strong Team Culture

By Keith Sprochi on July 02, 2020 leadership
A healthy work culture is invaluable. I think that the Sonatype culture has two main ingredients: trust and courage.

The Latest DevSecOps Podcast Playlist

By Katie McCaskey on July 01, 2020 devsecops
The latest playlist of DevSecOps podcast episodes discusses open source vulnerabilities, security, culture, and more.

Money Doesn’t Buy Happiness, But Happy Developers Protect Money

By Derek Weeks on June 26, 2020 devsecops
Developers in mature DevOps practices are 1.2x happier than their grumpy peers in the financial sector. This impacts software security, and your wallet.

Considering Nexus Auditor? You Should, But Know These Things First

By Kadi Grigg on June 25, 2020 JIRA
Nexus Auditor, in the right use case, is a solid, cost-effective solution. Is Nexus Auditor the solution for you? Maybe, maybe not. Here's how to find out.