PyPI attackers still at it: Malicious packages drop trojans and info-stealers

By Ax Sharma on June 22, 2023 vulnerability

3 minute read time

Sonatype's malicious open source and malware detection systems found hundreds of malicious PyPI packages.

Sonatype sponsoring Red Hat Summit on May 23-25 in Boston

By Michael Tersigni on May 04, 2023 Red Hat

3 minute read time

A look at the yearly open source event for IT professionals to learn, collaborate, and innovate, including suggestions for visitors and talks.

7 software license types explained: Open source and closed source

By Crystal Derakhshan on April 26, 2023 Open Source

7 minute read time

Navigate the complexities of software licenses with this comprehensive guide. Explore their differences, implications, & management strategies.

How to convert your SBOM between SPDX and CycloneDX formats

7 minute read time

A step-by-step guide on how to convert between SBOM formats using tooling from the official repositories of SPDX and CycloneDX.

Another SolarWinds? The latest software supply chain attack on 3CX

By Luke Mcbride on April 06, 2023 Software Supply Chain

6 minute read time

Get insights on the recent 3CX software supply chain attack and the growing importance of effective dependency management to protect against cyberattacks.

Post-conference tech spec: Why building your ship (application) with raw materials is a bad idea

10 minute read time

Get all the details of the presentation that Jamie Coleman, Developer Advocate on Sonatype’s Developer Relations team, gave at Voxxed Days Zurich 2023.

Sonatype Lifecycle enhancements boost speed, security, and productivity

6 minute read time

Sonatype Lifecycle’s new feature enhancements elevate security posture, developer productivity, and operational excellence. Read on for the full details.

New design, new feature: Maven Central improvements for developers

By Amanda Yeo on March 28, 2023 open source security

2 minute read time

Hosted by Sonatype, Maven Central has a refreshed interface and new features to improve the developer experience.

ChatGPT data leak and Redis race condition vulnerability that remains unfixed

By Ax Sharma on March 27, 2023 vulnerability

5 minute read time

Last week's OpenAI payment data and chat history leak involved a Race Condition vulnerability in an open source component, Redis.