Exploited Ivanti Connect SSRF vulnerability traced back to 'xmltooling' OSS library

By Ax Sharma on February 05, 2024 vulnerability

5 minute read time

It might be a little-known fact that one of the high severity zero-days found in Ivanti devices is actually present in an open source component that the company has deployed in its products. Ivanti's

Discord squashes critical Electron bugs: Open source attacks continue to grow

By Ax Sharma on October 21, 2020 Nexus Lifecycle

6 minute read time

Discord recently patched a set of critical vulns that could allow a skilled attacker to gain Remote Code Execution privileges on the users’ Desktop app.

CVE-2020-17479: The return of Validation Bypass (CVE-2019-19507) in `jpv`

3 minute read time

While updating our data for CVE-2020-17479 in JPV, an open-source JSON schema validator, we discovered that the vulnerability could still be exploited with the.

Nexus Repository: A Strategic Guide from Git to Governance

By Brent Kostak on April 30, 2020 Nexus Lifecycle

6 minute read time

This guide explains the marketplace of source code management and git repos, application-level building and binary repos, and open source governance.

We Speak Your Language - New Ecosystems Available in Nexus Lifecycle

By Alyssa Shames on March 12, 2020 Nexus Lifecycle

2 minute read time

Create and contextually enforce custom security, license, and architectural policies across the SDLC. Nexus Lifecycle now includes C/C++, PHP, and Ruby.

Sonatype Rolls Out Enhanced JavaScript Scanning, npm Automated Pull Requests & More Free JS Developer Tools

By Kevin Miller on March 03, 2020 Nexus Lifecycle

2 minute read time

Enhanced JavaScript support provides improved accuracy, increased policy control, and faster remediation of open source vulnerabilities across the SDLC.

Nexus Platform - 2019 Year in Review

By Michelle Dufty on December 30, 2019 Sonatype Nexus

3 minute read time

We look back at features introduced in 2019 across Nexus Repository Manager and Nexus IQ Server (Lifecycle, Lifecycle Foundation, Firewall, and Auditor).

Gartner: Mitigate Risk by Hardening the Software Supply Chain

By Katie McCaskey on December 12, 2019 Sonatype Nexus

5 minute read time

As Gartner explains, the key to mitigating open source risk is a hardened software supply chain. But where do you start?

New Integration to Visual Studio Code - Nexus IQ and OSS Index

By Allen Hsieh on December 04, 2019 Nexus Lifecycle

4 minute read time

Introducing the new Nexus IQ integration for VS Code. If you want to understand how we built it, why we built it, and the problems it solves, read on.