Sonatype Unveils Full-Spectrum Software Supply Chain Management | Press Release

Open Source Attacks on the Rise: Top 8 Malicious Packages Found in npm

By Ax Sharma on June 08, 2021 featured
We're rounding up the top 8 malicious cyber attacks on npm that Sonatype has discovered with its next-gen open source security and malware detection tool.

Are You Still Wondering About Dependency Confusion Attacks?

By Luke Mcbride on June 03, 2021 featured
Despite positive legislation and standards, open source software supply chains remain vulnerable to Dependency Confusion attacks, which impersonate legitimate namespaces.

Slaying the Dragon of OSS Legal Compliance with the Advanced Legal Pack

By Dariush Griffin on May 04, 2021 Nexus Lifecycle
Open source can come with a plethora of legal obligations. Manual reviews can take hundreds of hours for 1 app. The Advanced Legal Pack automates that process, giving developers and legal teams their

Sonatype + Muse: How Improved Code Quality Complements Enterprise SAST

By Matt Howard on April 29, 2021 SAST
MuseDev, Sonatype's innovative code analysis platform, is highly complementary to enterprise SAST tools like Fortify that surface a wide breadth of deep security issues that Muse doesn’t provide.

Onboarding Nexus Lifecycle Through SCM

By Kevin Miller on April 22, 2021 Nexus Lifecycle
We're simplifying the Nexus Lifecycle onboarding process, and making it easy to quickly onboard apps from a source control repository such as GitHub, GitLab, and Bitbucket.

Update to CVE-2019-7238 in Nexus Repository Manager 3

By Brent Kostak on April 12, 2021 Nexus Repository
An article was brought to our attention that suggests a new attack tactic is targeting an old vulnerability in NXRM, CVE-2019-7238. Ensure you're upgraded to the latest version.

Understanding Nexus Container: 5 Technologies You Need for Full Life Cycle Container Security

By Alexander Dale on March 16, 2021 Container Security
Say hello to Nexus Container and explore the five technologies you need for full life cycle container security.

Why Sonatype is Acquiring MuseDev

By Brian Fox on March 16, 2021 Nexus Lifecycle
Today, Sonatype acquired MuseDev, a developer-first source code analysis platform, and unveiled the world’s first full-spectrum platform for strengthening cloud-native software supply chain