Slaying the Dragon of OSS Legal Compliance with the Advanced Legal Pack

By Dariush Griffin on May 04, 2021 Nexus Lifecycle

3 minute read time

Open source can come with a plethora of legal obligations. Manual reviews can take hundreds of hours for 1 app. The Advanced Legal Pack automates that process, giving developers and legal teams their

Onboarding Nexus Lifecycle Through SCM

By Kevin Miller on April 22, 2021 Nexus Lifecycle

3 minute read time

We're simplifying the Nexus Lifecycle onboarding process, and making it easy to quickly onboard apps from a source control repository such as GitHub, GitLab, and Bitbucket.

Why Sonatype is Acquiring MuseDev

By Brian Fox on March 16, 2021 Nexus Lifecycle

5 minute read time

Today, Sonatype acquired MuseDev, a developer-first source code analysis platform and unveiled the world’s first full-spectrum platform for strengthening cloud-native software supply chain

Discord squashes critical Electron bugs: open source attacks continue to grow

By Ax Sharma on October 21, 2020 Nexus Lifecycle

5 minute read time

Discord recently patched a set of critical vulns that could allow a skilled attacker to gain Remote Code Execution privileges on the users’ Desktop app.

Making Developer’s Lives Easier as We Enter The New Frontier of Dependency Management

By Brian Fox on October 07, 2020 Nexus Lifecycle

4 minute read time

Sonatype's Advanced Development Pack will fundamentally change how teams manage code dependencies.

GitLab: instant, inline, indispensable developer insights

By Kevin Miller on October 01, 2020 Nexus Lifecycle

3 minute read time

Nexus Lifecycle now gives you instant, inline, indispensable insights on your GitLab MRs to speed development, shift security left, and improve innovation.

Announcing the NeuVector & Sonatype Nexus Lifecycle Integration: Securing Containers Across the SDLC

By Alyssa Shames on September 16, 2020 Nexus Lifecycle

3 minute read time

Sonatype's new integration between NeuVector and Nexus Lifecycle combines NeuVector’s open source detection and mitigation capabilities at the container application, operating system, and runtime

CVE-2020-17479: The return of Validation Bypass (CVE-2019-19507) in `jpv`

3 minute read time

While updating our data for CVE-2020-17479 in JPV, an open-source JSON schema validator, we discovered that the vulnerability could still be exploited with the existing fix in place, creating

Hitting the Trifecta with GitLab Automated Merge Requests

By Kevin Miller on August 11, 2020 Nexus Lifecycle

2 minute read time

Say hello to GitLab automated merge requests. Developers can now leverage Nexus Intelligence's precision to provide expert remediation guidance in GitLab.