Featured Article

CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma

By Ilkka Turunen on April 01, 2024 Software Supply Chain

Learn about a new, targeted backdoor supply chain attack against the popular XZ compression utility seen in many Linux distributions such as fedora and debian. Understand its impact, potential risks

Read More

SHARE:

Sonatype_Blog_Logo_White
docker container
READ MORE

Community Updates: Nancy Has a New Ship, and Found oysteRs

By DJ Schleen on March 16, 2020 Docker

2 minute read time

Nancy checks for vulnerabilities in your Golang dependencies, powered by Sonatype OSS Index and Nexus IQ Server. Another community contribution is oysteR.
Read More...
READ MORE

Managing Nexus API Using Jenkins X

By Steve Boardwell on March 13, 2020 jenkins

6 minute read time

Steve Boardwell demonstrates how to create custom repositories in your Jenkins X managed Nexus server, and what is possible with the Nexus scripting API.
Read More...
READ MORE

Kill the Restructure, Says Dr. Cherry Vu and Rob England [VIDEO]

By Mark Miller on March 05, 2020 featured

3 minute read time

Culture is an emergent property of the complex work system. It is an output not an input. Change the attitudes and behaviors, then that becomes culture.
Read More...
Gradle plugin
READ MORE

New Sonatype Scan Gradle Plugin

By Guillermo Varela on February 28, 2020 Gradle

3 minute read time

The newest free plugin in the Sontaype toolbox is a Gradle plugin to scan, evaluate, and audit Gradle project dependencies. It is available now on GitHub.
Read More...
READ MORE

For Distributed Teams, It’s Not All About the Tools

By Mark Kilby on February 26, 2020 Teamwork

4 minute read time

A great distributed team starts with people with strong collaboration skills. The team needs time to understand each other's preferences to deliver value.
Read More...
READ MORE

How to Publish Java Artifacts to Nexus Using Jenkins and Maven

By Daniel Hernández on February 07, 2020 Nexus Repository

4 minute read time

In this article we are going to explore how you can publish Java artifacts (.ear, .jar, .war) to Nexus 3 using Jenkins and Maven.
Read More...
READ MORE

Why Do I Need a Binary Repository Manager?

By Ember DeBoer on January 30, 2020 repository manager

6 minute read time

Binary repository managers serve a couple of important functions as part of a modern software development lifecycle. This post explore several benefits.
Read More...
READ MORE

How Do Application-Level Package Managers Work?

By Ember DeBoer on January 23, 2020 repository manager

7 minute read time

Managing dependencies is a complex task. As Sam Boyer explains, “It’s not the algorithmic side that makes [application-level package managers] hard.”
Read More...
READ MORE

What is a Package Dependency Manager?

By Ember DeBoer on January 22, 2020 Apache Maven

4 minute read time

Terms like package manager, dependency management, repository, and repository manager are used in software development. Are we speaking a common language?
Read More...