CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma

By Ilkka Turunen on April 01, 2024 Software Supply Chain

11 minute read time

Learn about a new, targeted backdoor supply chain attack against the popular XZ compression utility seen in many Linux distributions such as Fedora and Debian. Understand its impact, potential risks

Streamline your SBOM management with SBOM Manager

By Omar Torres on March 19, 2024 Product Release

4 minute read time

Discover Sonatype's new world-class tool designed to streamline the way you manage software bills of materials (SBOMs) across all of your software

Secure Software Development Attestation Form: Sonatype helps you comply

6 minute read time

The CISA Secure Software Development Attestation Form sets cybersecurity standards for US Federal agency software purchases. Learn how Sonatype helps you comply with SSDF guidelines.

Sonatype unveils state-of-the-art Artificial Intelligence Component Detection

By Crystal Derakhshan on February 22, 2024 Software Supply Chain

3 minute read time

Learn how Sonatype's AI/ML Component Detection transforms software development in an AI-driven world for top security, innovation and an easily managed software supply chain.

Exploited Ivanti Connect SSRF vulnerability traced back to 'xmltooling' OSS library

By Ax Sharma on February 05, 2024 vulnerability

5 minute read time

It might be a little-known fact that one of the high-severity zero-days found in Ivanti devices is actually present in an open source component that the company has deployed in its products. Ivanti's

CVE-2023-50164: Another vulnerability in the widely used Apache Struts2 component

By Jeff Wayman on December 14, 2023 vulnerabilities

6 minute read time

The recent identification of CVE-2023-50164 in Apache Struts is quite similar to other vulnerabilities Sonatype has seen and covered in the past.

Top 10 open source projects hit by HTTP/2 'Rapid Reset' zero-day

By Ax Sharma on October 12, 2023 vulnerability

3 minute read time

Discover ten open source packages affected by the HTTP/2 Rapid Reset vulnerability, disclosed by Cloudflare this week.

Introducing our 9th annual State of the Software Supply Chain report

By Aaron Linskens on October 03, 2023 open source security

5 minute read time

Sonatype announces the arrival of our 9th annual State of the Software Supply Chain report that explores open source security, industry trends, and more.

Unlocking the power of generative AI in software development: Insights from Sonatype's survey

By Aaron Linskens on September 12, 2023 Software Supply Chain

4 minute read time

Explore the influence of generative AI in software development via the results of Sonatype's recent survey involving 400 DevOps and 400 SecOps leaders.