The 2020 State of the Software Supply Chain Report is available!

Study Shows High-Performance Dev Teams Fix OSS Vulns 26x Faster | Press Release

blog-logo Sonatype Blog

Octopus Scanner Compromises 26 OSS Projects on GitHub

By Brian Fox on May 31, 2020 #OSSsecurity
The Octopus Scanner malware compromised 26 open source projects hosted on GitHub in a new form of software supply chain attack targeting NetBeans projects.
Read More...

What Developers Need to Know About WhatsApp's Recent Security Dilemma

By Katie McCaskey on October 08, 2019 AppSec
Sonatype issues an Advisory Deviation Notice for CVE-2019-11932, a vulnerability that exploits processor memory and recently affected WhatsApp.
Read More...