Sonatype Introduces Next Generation Dependency Management | Press Release

Sonatype Spots 275+ Malicious npm Packages Copying Recent Software Supply Chain Attacks that Hit 35 Organizations

By Ax Sharma on February 12, 2021 vulnerabilities
48 hours after a security researcher breached 35+ tech companies in a novel software supply chain attack, Sonatype’s Nexus Intelligence flagged 150+ copycat npm packages published by different

Why Namespacing Matters in Public Open Source Repositories

By Brian Fox on February 10, 2021 The Central Repository
Sonatype's CTO explains why the Central Repository has always required namespacing and why all public open source repositories should too, following a new software supply chain attack.

Dependency Hijacking Software Supply Chain Attack Hits More Than 35 Organizations

By Ax Sharma on February 09, 2021 vulnerabilities
A security researcher managed to breach systems of over 35 tech companies in what has been described as a novel software supply chain attack.

Dear Bintray and JCenter Users - Here’s What You Need to Know About The Central Repository

By Brian Fox on February 04, 2021 The Central Repository
If you're freaking out about moving Java components into The Central Repository, following JFrog sunsetting Bintray, don’t worry. We’re here for you.

Sonatype and SVA join forces to help companies develop better, more secure software

By Stephen Bryans on January 19, 2021 News and Views
Sonatype and SVA, one of Germany’s leading system integrators, partner to help enterprise customers create vital open source security and SCA programs and protect their applications.

Does the SolarWinds’ Orion Security Advisory Impact Sonatype’s Product?

By Michael Griffin on December 23, 2020 News and Views
Sonatype is continuing to monitor the SolarWinds situation and our investigation is ongoing, but we can confirm that we do not use the SolarWinds Orion platform nor have we found any evidence of the

The SolarWinds Software Supply Chain Attack: How Developers Can Protect Applications

By Derek Weeks on December 22, 2020 vulnerabilities
The SolarWinds software supply chain attack has made it clear that open source developers need to act now and intelligently manage third party dependencies to protect their apps.

Breaching the U.S. Government through software supply chains: tracing the SolarWinds exploit upstream

By Ax Sharma on December 14, 2020 features
The U.S. Government and FireEye experienced breaches due to malicious software code injected upstream in the software supply chain of their vendor, SolarWinds, where it would then flow downstream

Open Source and Cloud Security Together at Last

By Kevin Miller on November 12, 2020 Nexus Lifecycle
Sonatype and Fugue partner to combine Open Source and Cloud Security and Compliance