Sonatype Blog

Octopus Scanner Compromises 26 OSS Projects on GitHub

By Brian Fox on May 31, 2020 #OSSsecurity
The Octopus Scanner malware compromised 26 open source projects hosted on GitHub in a new form of software supply chain attack targeting NetBeans projects.
Read More...

Tanya Janca is "Big Fan of SCA" [VIDEO]

By Zack Conord on May 15, 2020 devsecops
Zack Conord interviews Tanya Janca of SheHacksPurple about her new business and why she's eager to teach software composition analysis.
Read More...

DevSecOps Leadership Forum: 500 Innovators Learning from Shared Experiences

By Matt Howard on May 14, 2020 Community
This is a recap of experiences and insights shared at the 2020 DevSecOps Leadership Forum. On demand recordings of the event are now available for free.
Read More...

New in Nexus Repository 3.23: Nexus Intelligence via npm audit

By Brent Kostak on May 13, 2020 npm
Now developers can check for policy violations using the npm audit command built into the npm CLI, using the precise data of Nexus Intelligence.
Read More...

New Language? No Problem. New Ecosystems in Nexus Lifecycle and Nexus Firewall

By Alyssa Shames on May 13, 2020 Nexus Lifecycle
New ecosystems added to Nexus Lifecycle and Nexus Firewall: Alpine, Bower, Cargo, CocoaPods, Conda, Conan, Composer, CRAN, Debian, Drupal and rpm.
Read More...

Real Talk: What Users Really Look For in a Software Composition Analysis (SCA) Solution

By Alyssa Shames on May 12, 2020 AppSec
Real users explain what you should demand from your SCA tools, including visibility through an SBOM, continuous monitoring, and the ability to scan apps.
Read More...

Six Memorable Sessions with Government DevSecOps Leaders: What We Learned

By Jason Green on May 07, 2020 Cybersecurity
Chris Roberts, Ron Ross, Katie Arrington, Nicolas Chaillan, and Lauren Knausenberger join Sonatype leadership to discuss security trends in the government.
Read More...

Nexus Intelligence Insights: xlsx aka SheetJS - Regular Expression Denial of Service (ReDoS) and sonatype-2018-0622

By Akshay 'Ax' Sharma on May 06, 2020 vulnerabilities
The ReDoS vulnerability in the popular npm component SheetJS, also known as “xlsx,” was thought to have been remedied by a fix, but that fix did not fully resolve it.
Read More...
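As an added illustration of the ReDoS class of bug named in the teaser above, the following is example code written for this page; it is not from the original post and is not the pattern in SheetJS behind sonatype-2018-0622. It shows the general shape of a catastrophic-backtracking regex, a linear equivalent that accepts the same strings, and an input-length guard that limits exposure even when a pattern is only partially fixed. The regexes, the adversarial input and the MAX_LEN limit are constructed assumptions for the example.

```javascript
// Added example: regular expression denial of service (ReDoS) in general.
// The patterns and inputs here are constructed for illustration; they are
// NOT the SheetJS/xlsx pattern behind sonatype-2018-0622.

// Vulnerable shape: a quantified group whose body is itself quantified.
// Against "aaa...a!" (which can never match) a backtracking engine tries
// every way of splitting the run of a's between the inner and outer
// quantifier before giving up, so the work grows roughly as 2^n.
const VULNERABLE = /^(a+)+$/;

// Hardened equivalent: accepts exactly the same strings (one or more a's),
// but with a single quantifier the engine scans each character once.
const SAFE = /^a+$/;

// Time one test of `re` against an adversarial input of n a's plus a
// trailing "!" that guarantees failure. Returns the result and the
// elapsed milliseconds.
function timeMatch(re, n) {
  const input = 'a'.repeat(n) + '!';   // constructed: never matches either regex
  const start = performance.now();
  const matched = re.test(input);
  const ms = performance.now() - start;
  return { matched, ms };
}

// Defence that does not depend on finding every bad pattern: bound the
// length of untrusted input before it reaches the regex engine. MAX_LEN is
// an assumed limit for this example; choose one that fits the field.
const MAX_LEN = 64;
function boundedTest(re, input) {
  if (typeof input !== 'string' || input.length > MAX_LEN) return false;
  return re.test(input);
}

// Growth table: the vulnerable pattern's time roughly doubles with each
// extra character, while the safe pattern stays flat.
function growthTable(sizes) {
  return sizes.map((n) => ({
    n,
    vulnerableMs: timeMatch(VULNERABLE, n).ms,
    safeMs: timeMatch(SAFE, n).ms,
  }));
}

for (const row of growthTable([12, 16, 20, 22])) {
  console.log(
    `n=${row.n}  vulnerable=${row.vulnerableMs.toFixed(2)}ms  safe=${row.safeMs.toFixed(3)}ms`
  );
}
```

A partial fix that shortens the blow-up but keeps the nested quantifier still fails the growth check above, which is why a length cap is worth keeping as defence in depth alongside the pattern rewrite.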

DevSecOps Leaders: The Conversation Continues Online, May 7th

By Matt Howard on May 04, 2020 devsecops
Learn from DevSecOps experts May 7th to align software, security, and operations resources so organizations innovate faster with less risk.
Read More...