The 2020 State of the Software Supply Chain Report is available!

Study Shows High-Performance Dev Teams Fix OSS Vulns 26x Faster | Press Release

blog-logo Sonatype Blog

Announcing the NeuVector & Sonatype Nexus Lifecycle Integration: Securing Containers Across the SDLC

By Alyssa Shames on September 16, 2020 Nexus Lifecycle
Sonatypes new integration between NeuVector and Nexus Lifecycle combines NeuVector’s open source detection and mitigation capabilities at the container application, operating system, and runtime
Read More...

CVE-2020-17479: The return of Validation Bypass (CVE-2019-19507) in `jpv`

While updating our data for CVE-2020-17479 in JPV, an open-source JSON schema validator, we discovered that the vulnerability could still be exploited with the existing fix in place, creating
Read More...

Hitting the Trifecta with GitLab Automated Merge Requests

By Kevin Miller on August 11, 2020 Nexus Lifecycle
Say hello to GitLab automated merge requests. Developers can now leverage Nexus Intelligence's precision to provide expert remediation guidance in GitLab.
Read More...

New Language? No Problem. New Ecosystems in Nexus Lifecycle and Nexus Firewall

By Alyssa Shames on May 13, 2020 Nexus Lifecycle
New ecosystems added to Nexus Lifecycle and Nexus Firewall: Alpine, Bower, Cargo, CocoaPods, Conda, Conan, Composer, CRAN, Debian, Drupal and rpm.
Read More...

Nexus Repository: A Strategic Guide from Git to Governance

By Brent Kostak on April 30, 2020 Nexus Lifecycle
This guide explains the marketplace of source code management and git repos, application-level building and binary repos, and open source governance.
Read More...

We Speak Your Language - New Ecosystems Available in Nexus Lifecycle

By Alyssa Shames on March 12, 2020 Nexus Lifecycle
Create and contextually enforce custom security, license, and architectural policies across the SDLC. Nexus Lifecycle now includes C/C++, PHP, and Ruby.
Read More...

Sonatype Rolls Out Enhanced JavaScript Scanning, npm Automated Pull Requests & More Free JS Developer Tools

By Kevin Miller on March 03, 2020 Nexus Lifecycle
Enhanced JavaScript support provides improved accuracy, increased policy control, and faster remediation of open source vulnerabilities across the SDLC.
Read More...

Nexus Platform - 2019 Year in Review

By Michelle Dufty on December 30, 2019 Sonatype Nexus
We look back at features introduced in 2019 across Nexus Repository Manager and Nexus IQ Server (Lifecycle, Lifecycle Foundation, Firewall, and Auditor).
Read More...

Gartner: Mitigate Risk By Hardening the Software Supply Chain

By Katie McCaskey on December 12, 2019 Sonatype Nexus
As Gartner explains, key to mitigating open source risk, is a hardened software supply chain. But, where do you start?
Read More...