Skip Navigation
Book a Demo
Book a Demo

Featured Article

Top 10 open source projects hit by HTTP/2 'Rapid Reset' zero-day

By Ax Sharma on October 12, 2023 vulnerability

Discover ten open source packages affected by the HTTP/2 Rapid Reset vulnerability, disclosed by Cloudflare this week

Read More

SHARE:

Sonatype_Blog_Logo_White
READ MORE

Discord squashes critical Electron bugs: open source attacks continue to grow

By Ax Sharma on October 21, 2020 Nexus Lifecycle

5 minute read time

Discord recently patched a set of critical vulns that could allow a skilled attacker to gain Remote Code Execution privileges on the users’ Desktop app.
Read More...
READ MORE

Making Developer’s Lives Easier as We Enter The New Frontier of Dependency Management

By Brian Fox on October 07, 2020 Nexus Lifecycle

4 minute read time

Sonatype's Advanced Development Pack will fundamentally change how teams manage code dependencies.
Read More...
READ MORE

GitLab: Instant, Inline, Indispensable Developer Insights

By Kevin Miller on October 01, 2020 Nexus Lifecycle

3 minute read time

Nexus Lifecycle now gives you instant, inline, indispensable insights on your GitLab MRs to speed development, shift security left, and improve innovation.
Read More...
READ MORE

Announcing the NeuVector & Sonatype Nexus Lifecycle Integration: Securing Containers Across the SDLC

By Alyssa Shames on September 16, 2020 Nexus Lifecycle

3 minute read time

Sonatypes new integration between NeuVector and Nexus Lifecycle combines NeuVector’s open source detection and mitigation capabilities at the container application, operating system, and runtime
Read More...
The return of Validation Bypass (CVE-2019-19507) in `jpv`
READ MORE

CVE-2020-17479: The return of Validation Bypass (CVE-2019-19507) in `jpv`

3 minute read time

While updating our data for CVE-2020-17479 in JPV, an open-source JSON schema validator, we discovered that the vulnerability could still be exploited with the existing fix in place, creating
Read More...
READ MORE

Hitting the Trifecta With GitLab Automated Merge Requests

By Kevin Miller on August 11, 2020 Nexus Lifecycle

2 minute read time

Say hello to GitLab automated merge requests. Developers can now leverage Nexus Intelligence's precision to provide expert remediation guidance in GitLab.
Read More...
READ MORE

Nexus Repository: A Strategic Guide from Git to Governance

By Brent Kostak on April 30, 2020 Nexus Lifecycle

6 minute read time

This guide explains the marketplace of source code management and git repos, application-level building and binary repos, and open source governance.
Read More...
READ MORE

We Speak Your Language - New Ecosystems Available in Nexus Lifecycle

By Alyssa Shames on March 12, 2020 Nexus Lifecycle

2 minute read time

Create and contextually enforce custom security, license, and architectural policies across the SDLC. Nexus Lifecycle now includes C/C++, PHP, and Ruby.
Read More...
free developer tools
READ MORE

Sonatype Rolls Out Enhanced JavaScript Scanning, npm Automated Pull Requests & More Free JS Developer Tools

By Kevin Miller on March 03, 2020 Nexus Lifecycle

2 minute read time

Enhanced JavaScript support provides improved accuracy, increased policy control, and faster remediation of open source vulnerabilities across the SDLC.
Read More...