Sonatype Unveils Full-Spectrum Software Supply Chain Management | Press Release

JavaScript Scanning Now Supported in JetBrains IDEs: IntelliJ IDEA, WebStorm, and More

By Kevin Miller on July 30, 2021 Nexus Lifecycle
The Sonatype Nexus platform now evaluates and analyzes JavaScript/Node components directly in IntelliJ IDEA.

DevOps Made of Steel

By Phil Vuollet on June 29, 2021 Nexus Lifecycle
Security Analysts from U.S. Steel Corporation spoke at Sonatype's ELEVATE 2021, sharing their DevOps story and where Nexus Repository and Nexus Lifecycle fit into the journey.

How Does Securing the Software Supply Chain Fit the DoD CIO Zero Trust Architecture?

Curious how the DoD Zero Trust Architecture relates to secure development and protecting your software supply chain? We're breaking that down for you.

Sonatype Launches Customer-Focused Program, Sonatype Innovate

By Maura Harwood on June 17, 2021 News and Views
Say hello to Sonatype Innovate—a program designed for innovators within the Sonatype community to collaborate, grow and learn from each other.

3-2-1, Lift off! It’s Time to Elevate Your Development with Sonatype Lift

By Kevin Miller on June 15, 2021 code quality
Sonatype Lift is a new, cloud-native platform that enables developers to find and fix performance, reliability, and security bugs during code review.

Open Source Attacks on the Rise: Top 8 Malicious Packages Found in npm

By Ax Sharma on June 08, 2021 featured
We're rounding up the top 8 malicious cyber attacks on npm that Sonatype has discovered with its next-gen open source security and malware detection tool.

Are You Still Wondering About Dependency Confusion Attacks?

By Luke Mcbride on June 03, 2021 featured
Despite positive legislation and standards, open source software supply chains remain vulnerable to dependency confusion attacks, which impersonate legitimate namespaces.

Slaying the Dragon of OSS Legal Compliance with the Advanced Legal Pack

By Dariush Griffin on May 04, 2021 Nexus Lifecycle
Open source can come with a plethora of legal obligations. Manual reviews can take hundreds of hours for 1 app. The Advanced Legal Pack automates that process, giving developers and legal teams their

Sonatype + Muse: How Improved Code Quality Complements Enterprise SAST

By Matt Howard on April 29, 2021 SAST
MuseDev, Sonatype's innovative code analysis platform, is highly complementary to enterprise SAST tools like Fortify that surface a wide breadth of deep security issues that Muse doesn’t provide.