Featured Article

New Design, New Features: Maven Central Improvements for Developers

By Amanda Yeo on March 28, 2023 open source security

Hosted by Sonatype, Maven Central has a refreshed interface and new features to improve the developer experience.

How Stolen Information Stealers are Fueling an Underground Market

By Hernán Ortiz on February 27, 2023 Known Vulnerabilities

9 minute read time

A look at the tactics, techniques, and procedures used to deploy a series of information stealers being uploaded to the PyPI registry.

Read More...

Malicious ‘aptX’ Python Package Drops Meterpreter Shell, Deletes ‘netstat’

By Ax Sharma on February 08, 2023 Known Vulnerabilities

4 minute read time

Sonatype identified malicious Python packages on the PyPI software registry that carried out multiple nefarious activities.

Read More...

Caroling Through the Season: The Sounds of the 4shells

By Sonatype Developer Relations on December 21, 2022 Known Vulnerabilities

8 minute read time

As 2022 wraps up, we wanted to take a moment not only to reflect on Log4j but also on the other two “4shell” vulnerabilities that were disclosed.

Read More...

Malware Monthly - November 2022

By Sonatype Developer Relations on December 15, 2022 Known Vulnerabilities

12 minute read time

Sonatype's Malware Monthly brings you the latest information on malicious and suspicious packages discovered in software registries.

Read More...

What the OpenSSL Vulnerabilities Are…and Aren't (CVE-2022-3786 & CVE-2022-3602)

By Eddie Knight on November 01, 2022 Known Vulnerabilities

4 minute read time

It’s been a week since we were warned about the OpenSSL vulnerability. We're here to help you understand what this vulnerability is and what it is not.

Read More...

Struts2 Vulnerabilities: Who Is Responsible? (Video and Podcast)

By Mark Miller on September 14, 2017 Known Vulnerabilities

1 minute read time

With the acknowledgement by Equifax this morning, we talk about who is responsible for this, the creators of the open source solutions or people who use them.

Read More...

The Nexus Firewall – Perimeter Defense for Software Development

By Mike Hansen on January 25, 2017 Known Vulnerabilities

4 minute read time

We now have a revolutionary way to improve speed and reduce risk through the quarantine of components with known vulnerabilities using Nexus Firewall.

Read More...

Screen_Shot_2016-07-06_at_7.25.55_PM.png

An Insider's View: Analyzing Software Supply Chains

By Samantha Mayhew on July 12, 2016 Known Vulnerabilities

5 minute read time

2016 state of the software supply chain report reveals the volume of open source component usage and quantifies the presence of known vulnerabilities.

Read More...

New Design, New Features: Maven Central Improvements for Developers

How Stolen Information Stealers are Fueling an Underground Market

Malicious ‘aptX’ Python Package Drops Meterpreter Shell, Deletes ‘netstat’

Caroling Through the Season: The Sounds of the 4shells

Malware Monthly - November 2022

What the OpenSSL Vulnerabilities Are…and Aren't (CVE-2022-3786 & CVE-2022-3602)

Struts2 Vulnerabilities: Who Is Responsible? (Video and Podcast)

The Nexus Firewall – Perimeter Defense for Software Development

An Insider's View: Analyzing Software Supply Chains

Automated Nexus Reports on Licenses, Security, and More

Secure your software supply chain

Subscribe for all the latest software security news and events