Sonatype Introduces Next Generation Dependency Management | Press Release

Sonatype Blog

Six Memorable Sessions with Government DevSecOps Leaders: What We Learned

By Jason Green on May 07, 2020 Cybersecurity
Chris Roberts, Ron Ross, Katie Arrington, Nicolas Chaillan, and Lauren Knausenberger join Sonatype leadership to discuss security trends in the government.

Nexus Intelligence Insights: xlsx aka SheetJS - Regular Expression Denial of Service (ReDoS) and sonatype-2018-0622

By Ax Sharma on May 06, 2020 vulnerabilities
The ReDoS vulnerability impacting the popular npm component SheetJS, also known as “xlsx,” was thought to be remedied through a fix, but no, not so fast.

DevSecOps Leaders: The Conversation Continues Online, May 7th

By Matt Howard on May 04, 2020 devsecops
Learn from DevSecOps experts May 7th to align software, security, and operations resources so organizations innovate faster with less risk.

Nexus Repository: A Strategic Guide from Git to Governance

By Brent Kostak on April 30, 2020 Nexus Lifecycle
This guide explains the marketplace of source code management and git repos, application-level building and binary repos, and open source governance.

Nexus Innovator: Bryan Batty of Bloomberg Industry Group, a Four Part Conversation

By Katie McCaskey on April 24, 2020 featured
Bryan Batty of the Bloomberg Industry Group shares his experiences strengthening the software supply chain in a four part conversation with Mark Miller.

Nexus Innovator: Bryan Batty of the Bloomberg Industry Group, a Four-Part Conversation

By Mark Miller on April 24, 2020 featured
Bryan Batty of the Bloomberg Industry Group shares his experiences with strengthening the software supply chain in a four-part conversation with Mark Miller.

Nexus Intelligence Insights: Protect Your Bitcoin from 700+ Malicious RubyGems with sonatype-2020-0196

By Ax Sharma on April 23, 2020 vulnerability
Crafty attackers take advantage of the open source software supply chain through typographical errors. Not even the most sophisticated devs are immune.

Keep Applications Secure in Atlassian Bitbucket with Automated Pull Requests

By Kevin Miller on April 22, 2020 atlassian
The Nexus Lifecycle/Atlassian Bitbucket integration automates pull requests, fixing security vulnerabilities and maintaining the quality of dependencies.

How to Use Nancy to Improve Your Go Application Security

By Jonathan Hall on April 17, 2020 AppSec
Nancy, as you may know by reputation, is a detective. She uses Sonatype's OSS Index to check for vulnerabilities in your Go dependencies.