CVE-2022-31289: Neither Bug nor Vulnerability

By Michael Prescott on June 16, 2022 vulnerability

3 minute read time

A recent report of a Nexus Repository vulnerability is not a security concern and no software update is required. A look at the issue and similar concerns.

How to Manage Your Open Source Licenses in 2022

By Luke Mcbride on June 02, 2022 licenses

6 minute read time

Development teams are using openly licensed software in their process, and lots of it. To comply with the requirements, you need license management tools.

Take Control of Your InnerSource Components with InnerSource Insight

By Chris Good on May 11, 2022 Nexus Lifecycle

7 minute read time

InnerSource Insight, an industry-first capability, makes it easier and safer for developers to use components developed by others in their organization.

Maven Central and Sigstore

By Jason Swank on March 03, 2022 Product Strategy

2 minute read time

Sonatype has been investing heavily in Maven Central, modernizing the platform & providing a developer experience of contemporary software registries.

Scale Developer Security with Expanded Nexus Platform Features

By Chris Good on February 17, 2022 Product Release

5 minute read time

New Nexus platform features make it even easier for developers to scale security and block open source vulnerabilities from entering the software supply chain.

PyPI Flooded with 1,275 Dependency Confusion Packages

By Ax Sharma on January 24, 2022 vulnerabilities

5 minute read time

The popular Python open source software repository, PyPI, has been flooded with over 1,200 dependency confusion packages by the same actor.

How Large Organizations Can Easily Scan for Log4j Vulnerabilities

By Rishav Mishra on December 31, 2021 Nexus Lifecycle

7 minute read time

Large orgs looking for the Log4j vulnerability in 1000s of apps can be more effective and efficient with Nexus Lifecycle and Easy SCM Onboarding.

New Nexus Repository Visualizer Provides Insights into Log4j Usage

By Chris Good on December 30, 2021 Nexus Repository

4 minute read time

Vulnerable Log4j components are still in active use. New functionality available for Sonatype's Nexus Repository monitors and helps address these issues.

How to Protect Yourself Against Trojan Source Unicode Attacks with Nexus Firewall

By Chris Good on December 03, 2021 Nexus Firewall

3 minute read time

A new kind of attack, Trojan Source, hides vulnerabilities in plain sight of open source code. Protect your development teams with Nexus Firewall.