Sonatype Selected by Equifax to Support OS Governance Press Release


Nexus Intelligence Insights January 2019

By Elisa Velarde on January 25, 2019 Nexus Intelligence

Happy New Year!

To kick off 2019 we will be covering a vulnerability that is complex in context. All developers are aware of the varieties of privilege


A Lesson in Why “Security by Press Release” Is Detrimental

By Akshay 'Ax' Sharma on November 02, 2018 jQuery

Last week “news” broke about a 3-year-old jQuery vulnerability that was just discovered, and had just been patched. On the surface, it sounded like a big


The Key to Enterprises Remaining Competitive Is Safe Open Source

A few years ago, I was sitting in a windowless conference room, watching a middle manager in the enterprise get ready to speak. From the substance of the


New JavaScript intelligence now available in the Nexus Platform

By Michelle Dufty on August 29, 2018 Nexus Lifecycle

Today we released a new version of our JavaScript intelligence, making it easier for developers to analyze and remediate vulnerabilities and license issues.


Open Sourcing npm in Nexus Repository Manager 3

By Joseph Stephens on April 02, 2018 npm

While not all component formats within the Nexus Repository Manager (NXRM) have been open sourced yet in v3.x, we have always intended to do this. The next


Steps to Responsible Disclosure with Bas van Schaik, Man Yue Mo and Brian Fox

By Mark Miller on March 20, 2018 struts2

On March 1, 2018, the team at Semmle announced a critical vulnerability in the Pivotal Spring framework. The vulnerability was found by security researcher


DevSecOps Delivered: Fix an Open Source Vulnerability from within the IDE

By Stefania Chaplin on February 22, 2018 women in devops

Stefania Chaplin kicks off the DevSecOps Delivered Series on how to detect and fix open source vulnerabilities in your applications.


The OpenChain Project with Shane Coughlan [Podcast Interview]

By Mark Miller on January 12, 2018 OpenChain

The OpenChain Project identifies key recommended processes for effective open source management. The project builds trust in open source by making open