This Week in Malware—Malicious 'Distutil' and Spring4Shell Active Exploitation

By Ax Sharma on April 22, 2022 github

7 minute read time

A malicious 'Distutil' PyPI package, active Spring4Shell exploitation by attackers deploying cryptominers, An open source tool that enabled users to add Google Play to PCs, but secretly installed
Read More...

Fixing a Vulnerability? Make Sure Your GitHub Isn't Showing Too Much

By Ax Sharma on April 04, 2022 github

5 minute read time

February's $326 million crypto hack at Wormhole and this month's findings by Sonatype shed light on the importance of secrets management for open source developers.
Read More...

Gitpaste-12: A dozen exploits that silently lived on GitHub, attacked Linux servers

By Ax Sharma on November 08, 2020 github

5 minute read time

Gitpaste-12, a worming botnet, is extremely versatile in its advanced capabilities as it leverages trustworthy sites like GitHub and Pastebin to host itself.
Read More...

Find and Fix Vulnerabilities in Seconds using GitHub PR Reviews with Line Comments

By Kevin Miller on July 07, 2020 github

2 minute read time

Pull Request line comments highlight code that introduces a policy violation. This gives developers the information needed to remediate security risks.
Read More...

DevSecOps Delivered: Automated GitHub Pull Requests

By Amir Shahmiri on May 08, 2020 github

1 minute read time

This episode is a quick demonstration of GitHub automated pull requests in Nexus Lifecycle, and why you would want to use them.
Read More...

Developers Gain Contextual Feedback with Automated Pull Request Commenting

By Kevin Miller on March 31, 2020 github

2 minute read time

Pull request comments provide contextual information about the individual branch a developer is working on, and changes that they may have introduced.
Read More...

Microsoft Acquires npm: A Healthy Move for Critical Public Infrastructure

By Brian Fox on March 16, 2020 github

3 minute read time

Today, news broke that GitHub and its parent company Microsoft, acquired npm and its public repository of open source JavaScript packages.
Read More...

How to Use Sonatype OSS Index to Identify Security Vulnerabilities

By Casey Dunham on January 09, 2020 github

8 minute read time

OSS Index enables developers to quickly find vulnerabilities in any library with an easy-to-use search feature. Learn more, and how to access the plugins.
Read More...

Keep GitHub Dependencies Secure With Nexus Lifecycle's Automated Pull Requests

By Michelle Dufty on November 12, 2019 new features

2 minute read time

Sonatype has long been the world’s premier provider of open source health and hygiene data. Now, it's bringing that data to GitHub with six new Nexus integrations.
Read More...