CVE-2020-17479: The return of Validation Bypass (CVE-2019-19507) in `jpv`

3 minute read time

While updating our data for CVE-2020-17479 in JPV, an open-source JSON schema validator, we discovered that the vulnerability could still be exploited with the.

Nexus Platform - 2019 Year in Review

By Michelle Dufty on December 30, 2019 Sonatype Nexus

3 minute read time

We look back at features introduced in 2019 across Nexus Repository Manager and Nexus IQ Server (Lifecycle, Lifecycle Foundation, Firewall, and Auditor).

Gartner: Mitigate Risk by Hardening the Software Supply Chain

By Katie McCaskey on December 12, 2019 Sonatype Nexus

5 minute read time

As Gartner explains, the key to mitigating open source risk is a hardened software supply chain. But where do you start?

Developers, Rejoice: Auto-Remediation Now Available in Eclipse, IntelliJ, and Visual Studio

By Sonal Thawani on July 08, 2019 Nexus Lifecycle

1 minute read time

Auto-remediation makes it even easier to choose the best component right within an IDE. The CIP now automatically suggests the compliant version.

OSS for Enterprise: Procure Secure Components Faster & Manage Risk Better

By Carlos Schults on June 12, 2019 Nexus Lifecycle

3 minute read time

The CI ecosystem is large and complex, especially at a company like Discover.

The Path Forward for the Nexus Platform

By Katie McCaskey on June 12, 2019 Nexus Lifecycle

3 minute read time

We’re seeing double- and triple-digit growth across usage, Nexus Repo instances, Nexus Repo scans, and daily apps under management. What comes next?

OSS Endgame: Nexus Firewall as Your Shield Against Open Source Invasions

By Erik Dietrich on June 12, 2019 Nexus Firewall

3 minute read time

Put simply, Nexus Firewall enables the heroes. Mike Van Doren walked through how to get started using it at the 2019 Nexus User Conference.

Salesforce and Nexus: The Real Results of Automation [Video]

By Mark Miller on November 14, 2018 Nexus Firewall

1 minute read time

Mary Lee from Salesforce explains how automating the open source component approval process for 800 jar files went from 25 days of manual evaluation down to 5.

Nexus Firewall Extends Support for RubyGems and RPM

By Michelle Dufty on March 23, 2018 rpm

1 minute read time

Nexus Firewall now supports RubyGems and RPM.