Featured Article

python-dateutils—A Cryptominer in Disguise Targeting Windows, Linux, macOS

By Ax Sharma on June 29, 2022 vulnerabilities

We analyze a suspicious 'python-dateutils' PyPI package targeting Python developers to mine cryptocurrency after infecting their Windows, macOS or Linux systems.

Read More

What to Consider When Crafting Your OSS Policy

By Filipp Kofman on July 15, 2021 legal

4 minute read time

Building a plan for using open source software in your company means less confusion and risk. A look at some of the necessities and ideals in handling freely available code.

Read More...

Gartner: The Crucial Role of OSS License Compliance

By Katie McCaskey on December 23, 2019 open source governance policy

4 minute read time

Gartner's SCA recommendations include deep understanding of OSS licensing. Operating without license compliance, intentionally or not, invites peril.

Read More...

Eight More Struts Breaches

By Derek Weeks on May 07, 2018 software bill of materials

3 minute read time

When using vulnerable versions of the framework, organizations are breached. Everyone knows the Equifax story, but for folks like me who have been paying closer attention, the story also includes the

Read More...

Struts One-Two Punch Knocks Out India

By Derek Weeks on May 02, 2018 open source governance policy

2 minute read time

The social security system of India, AADHAAR, was just breached due to a Struts related vulnerability exploited on their website. If you are not familiar with AADHAAR, it offers a 12-digital personal

Read More...

Open Source Governance Hits the C-Suite

By Derek Weeks on April 11, 2018 open source management

2 minute read time

The Wall Street Journal’s Adam Janofsky wrote an article entitled, How Companies Can Manage Risks Tied to Open-Source Software*. Coverage of this topic sheds light on a topic for executives, that has

Read More...

Nexus User Conference: Online, Free, June 6 - 7

By Derek Weeks on March 16, 2018 Nexus Lifecycle

1 minute read time

The first annual Nexus User Conference is online, June 6 - 7, 2018.

Read More...

Nexus Repository 3.9 Released with a new Upload UI and Firewall Support

By Daniel Sauble on March 01, 2018 open source governance policy

2 minute read time

e are pleased to announce the release of Nexus Repository 3.9. This release adds two major features: (1) Components can now be uploaded directly from the UI and (2) Nexus Repository Pro is no longer

Read More...

DevSecOps and GDPR: Why Open Source Risk Management Has Never Been More Important

By Matt Howard on October 29, 2017 open source governance policy

2 minute read time

Modern IT teams must: 1. accelerate innovation by harnessing the power of open source and 2. minimize risk by creating flexible controls to automate compliance.

Read More...

How a Software Bill of Materials Uncovers Known Vulnerabilities

By Derek Weeks on April 30, 2015 Cyber Supply Chain Management and Transparency Act

3 minute read time

How a Software Bill of Materials Uncovers Known Vulnerabilities

Read More...

Software composition analysis

Container Security

CODE QUALITY ANALYSIS

Repository MANAGEMENT

Complete Platform

Book a Demo

For Professionals

For Industries

Content

CUSTOMER Portal

Integrations & Free Tools

About us

Contact Us

Sonatype Blog

python-dateutils—A Cryptominer in Disguise Targeting Windows, Linux, macOS

What to Consider When Crafting Your OSS Policy

Gartner: The Crucial Role of OSS License Compliance

Eight More Struts Breaches

Struts One-Two Punch Knocks Out India

Open Source Governance Hits the C-Suite

Nexus User Conference: Online, Free, June 6 - 7

Nexus Repository 3.9 Released with a new Upload UI and Firewall Support

DevSecOps and GDPR: Why Open Source Risk Management Has Never Been More Important

How a Software Bill of Materials Uncovers Known Vulnerabilities

Products

Free Tools

Solutions

Resources

Customer Portal

Company