One in Six Developers in Healthcare Report Open Source Breaches | Press Release
blog-logo Sonatype Blog

RESOURCES

Content

Sonatype Partners

Community

Upcoming Events

SON_Display_Improve_Security_250x360@2x

Featured Article

Nexus Intelligence Insights:CVE-2020-13935 - Apache Tomcat Websocket - Denial of Service (DoS)

By Akshay 'Ax' Sharma on July 29, 2020 vulnerabilities

July’s Nexus Intelligence Insight takes a deep dive into a Denial of Service (DoS) vulnerability impacting the popular Apache Tomcat Websocket component.

Read More...

SHARE:

Filter by:
pull request commenting is visible in the code
READ MORE

Find and Fix Vulnerabilities in Seconds using GitHub PR Reviews with Line Comments

By Kevin Miller on July 07, 2020 github
Pull Request line comments highlight code that introduces a policy violation. This gives developers the information needed to remediate security risks.
Read More...
READ MORE

Developers Gain Contextual Feedback with Automated Pull Request Commenting

By Kevin Miller on March 31, 2020 github
Pull request comments provide contextual information about the individual branch a developer is working on, and changes that they may have introduced.
Read More...
clement-h-95YRwf6CNw8-unsplash-1
READ MORE

Keep GitHub Dependencies Secure with Nexus Lifecycle's Automated Pull Requests

By Michelle Dufty on November 12, 2019 new features
Sonatype has long been the world’s premier provider of open source health and hygiene data. Now, it's bringing that data to GitHub with six new Nexus integrations.
Read More...
iStock-175197685.jpg
READ MORE

Struts2 Exploited Again.  Did Anyone Bother to Tell You?

By Brian Fox on March 10, 2017 oss

This week I woke up to find several emails from Nexus Lifecycle indicating that the products in my portfolio were potentially vulnerable due to their inclusion of Apache commons-collection. If you

Read More...
READ MORE

What’s in Your Software

By Matt Howard on January 15, 2016 Software Supply Chain

I can’t tell you how excited I am to be a part of the Sonatype team that is literally reinventing how quality software gets made. As the new guy leading marketing, my first test was to explain

Read More...
READ MORE

Did you wake up to an alert about the Java Deserialization vulnerability?

By Brian Fox on November 13, 2015 oss

This week I woke up to find several emails from Nexus Lifecycle indicating that the products in my portfolio were potentially vulnerable due to their inclusion of Apache commons-collection. If you

Read More...
READ MORE

Legal at DevOps Speed

By Derek Weeks on April 07, 2015 Sonatype Nexus

Paul is not part of our development team, he doesn’t want to be, and he certainly does not slow them down. But with that said, Paul knows how to work at DevOps speed. He knows legal reviews need to

Read More...
READ MORE

Open source components, a fine vintage or sour milk?

The U.S. recently overtook France as the world’s largest wine market. And here at Sonatype, we can proudly say we’ve contributed to this achievement. By not only consuming our fair share of wine but

Read More...
READ MORE

An Open Discussion on Open Source Review Boards

By Derek Weeks on March 17, 2014 Sonatype Says

The recent FS-ISAC whitepaper, “Appropriate Software Security Control Types for Third Party Service and Product Providers”, reveals the majority of internal software applications created by financial

Read More...
Twitter LinkedIn Facebook Instagram YouTube GitHub
Products
Security Research
Solutions
Resources
About
SON_logo_white@2x copy trimmed

Sonatype Headquarters - 8161 Maple Lawn Blvd #250, Fulton, MD 20759
Tysons Office - 8281 Greensboro Drive – Suite 630, McLean, VA 22102
Australia Office - 5 Martin Place, Sydney, NSW 2000, Australia 
London Office - 168 Shoreditch High Street, E1 6HU London

Copyright © 2008-present, Sonatype Inc. All rights reserved. Includes the third-party code listed here. Sonatype and Sonatype Nexus are trademarks of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation. All other trademarks are the property of their respective owners.

Terms of Service    Privacy Policy