Sonatype Introduces Next Generation Dependency Management | Press Release

Sonatype Blog

Sonatype Stops Software Supply Chain Attack Aimed at the Java Developer Community

Sonatype removed three malicious open-source Java components from Maven Central that were targeting popular software releases, stopping a software supply chain attack.

Does the SolarWinds Orion Security Advisory Impact Sonatype’s Product?

By Michael Griffin on December 23, 2020 News and Views
Sonatype is continuing to monitor the SolarWinds situation and our investigation is ongoing, but we can confirm that we do not use the SolarWinds Orion platform nor have we found any evidence of the

Nexus Repository & Microsoft NuGet Gallery: OData Changes for NuGet V2

By Brent Kostak on December 10, 2020 Nuget
Following Microsoft's announced changes to the NuGet Gallery and the deprecation of the OData-based V2 API, see how Nexus Repository users can avoid V2 protocol errors by upgrading to the NuGet V3 protocol.

Open Source and Cloud Security Together at Last

By Kevin Miller on November 12, 2020 Nexus Lifecycle
Sonatype and Fugue partner to combine open source security with cloud security and compliance.

Nexus Repository Helps Developers Overcome New Docker Hub Rate Limits

By Brent Kostak on November 11, 2020 Docker
Nexus Repository, used as a container registry, is a robust and completely free solution that helps developers insulate themselves from Docker Hub's new pull rate limits.

Discord.dll: successor to npm “fallguys” malware went undetected for 5 months

By Ax Sharma on November 09, 2020 vulnerabilities
Sonatype has identified Discord.dll, a series of counterfeit packages in the npm ecosystem that resemble the malicious “fallguys” npm package discovered in September.

Trick or treat: that `twilio-npm` package is brandjacking malware in disguise!

By Ax Sharma on November 02, 2020 vulnerabilities
Sonatype’s Release Integrity malicious code detection service discovers that `twilio-npm` is brandjacking malware in disguise.
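The `twilio-npm` post above and the Discord.dll post before it both describe counterfeit packages that ride on a well-known name: a real brand plus a bolted-on affix, or a near-miss spelling of it. As an added example that is not code from Sonatype's Release Integrity service or from either post, the Python below flags dependency names that match either pattern against a short list of protected brands. The brand list, the affix list, the similarity threshold and the sample dependency names are all constructed for illustration; a real check would take the brand list from the packages your lockfiles actually depend on.

```python
import re
from difflib import SequenceMatcher

# Brand / namespace names to protect. Constructed for this example; in practice
# build this from the packages your lockfiles actually depend on.
PROTECTED_BRANDS = {"twilio", "discord", "lodash", "express"}

# Affixes attackers bolt onto a brand to make a counterfeit look official
# ("twilio-npm", "Discord.dll"). Illustrative list, not exhaustive.
BRAND_AFFIXES = ("npm", "js", "node", "dll", "sdk", "api", "lib", "official")

# Similarity above which a name is treated as a typosquat of a brand (assumed value).
TYPOSQUAT_THRESHOLD = 0.85


def normalize(name: str) -> str:
    """Lower-case and drop punctuation so 'Discord.dll', 'discord_dll' and
    'discord-dll' all compare as 'discorddll'."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def strip_affixes(norm: str):
    """Yield copies of a normalized name with one known affix removed from
    the start or the end, skipping cases where nothing would remain."""
    for affix in BRAND_AFFIXES:
        if norm.endswith(affix) and len(norm) > len(affix):
            yield norm[: -len(affix)]
        if norm.startswith(affix) and len(norm) > len(affix):
            yield norm[len(affix):]


def similarity(a: str, b: str) -> float:
    """Ratio in [0, 1] from difflib; 1.0 means identical."""
    return SequenceMatcher(None, a, b).ratio()


def classify(name: str, brands=PROTECTED_BRANDS):
    """Return (verdict, brand) where verdict is one of:
    'known'     - exactly a protected brand
    'brandjack' - a protected brand plus a bolted-on affix
    'typosquat' - a near-miss spelling of a protected brand
    'ok'        - nothing suspicious found
    """
    norm = normalize(name)
    brand_by_norm = {normalize(b): b for b in brands}
    if norm in brand_by_norm:
        return "known", brand_by_norm[norm]
    for stripped in strip_affixes(norm):
        if stripped in brand_by_norm:
            return "brandjack", brand_by_norm[stripped]
    best = max(brand_by_norm, key=lambda b: similarity(norm, b))
    if similarity(norm, best) >= TYPOSQUAT_THRESHOLD:
        return "typosquat", brand_by_norm[best]
    return "ok", None


def audit(dependencies):
    """Return [(name, verdict, brand)] for every dependency that is a
    brandjack or typosquat; exact brands and unrelated names are dropped."""
    flagged = []
    for name in dependencies:
        verdict, brand = classify(name)
        if verdict in ("brandjack", "typosquat"):
            flagged.append((name, verdict, brand))
    return flagged


if __name__ == "__main__":
    # Constructed sample dependency list, as if read from a package.json.
    sample = ["twilio", "twilio-npm", "Discord.dll", "twilo", "left-pad", "express"]
    for name, verdict, brand in audit(sample):
        print(f"{name:12} {verdict:10} impersonates {brand}")
```

The affix check runs before the similarity check on purpose: `Discord.dll` scores only about 0.82 against `discord` by edit similarity, so a threshold alone would miss it, while stripping the `dll` suffix gives an exact brand hit. A name that passes this check is not thereby safe; the check only narrows the set of names worth a closer look before install.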

Discord squashes critical Electron bugs: open source attacks continue to grow

By Ax Sharma on October 21, 2020 Nexus Lifecycle
Discord recently patched a set of critical vulnerabilities that could have allowed a skilled attacker to achieve remote code execution in users’ desktop app.

Making Developer’s Lives Easier as We Enter The New Frontier of Dependency Management

By Brian Fox on October 07, 2020 Nexus Lifecycle
Sonatype's Advanced Development Pack will fundamentally change how teams manage code dependencies.