Sonatype Delivers Premium Open Source Controls to GitHub | Press Release

Sonatype Blog

Keep GitHub Dependencies Secure with Nexus Lifecycle's Automated Pull Requests

By Michelle Dufty on November 12, 2019 new features
Sonatype has long been the world’s premier provider of open source health and hygiene data. Now, it's bringing that data to GitHub with six new Nexus integrations.

Nexus Repo and Datree Integration Deliver Automated Pipeline Control

By Brent Kostak on November 01, 2019 github
Nexus Repository/Datree integration applies policy control on GitHub commits to bring together developer codebase visibility and build artifact management.

Nancy, on a Boat! (Announcing Nancy for Docker)

By DJ Schleen on October 17, 2019 Docker
Nancy checks for vulnerabilities in your Golang dependencies, powered by Sonatype OSS Index. docker-nancy wraps the nancy executable in a Docker image.

Identifying Security Vulnerabilities Inside a Jenkins Pipeline

By Katie McCaskey on October 16, 2019 JenkinsCI
Justin Young (@whyjustin) demonstrates how a malicious component can access your connected network - and how to identify that component inside Jenkins.

Nexus Lifecycle Now Integrates with Azure DevOps to Secure Software Supply Chains in the Cloud

By Michelle Dufty on October 11, 2019 Nexus Lifecycle
The Nexus IQ Extension for Azure DevOps scans builds to identify open source security, license, or quality policy violations.

CocoaPods and Conda in Nexus Repository 3.19

By Brent Kostak on October 02, 2019 Sonatype Nexus
Nexus Repository Manager, the most widely used universal binary repository manager, now features native format support for CocoaPods and Conda.

The Dot Zero Conundrum and the New Frontier of Securing Open Source

By Brian Fox on September 24, 2019 code quality
Sonatype is combining a new type of behavioral analysis with machine learning and proprietary data, creating early warning capabilities to detect malicious releases of open source components.

Win a $100 Gift Card: Take a Brief Survey on Software Composition Analysis

By Shade Solon on September 20, 2019 github
If you are excited about GitHub Actions, and want to understand the open source dependencies in your software, fill out this survey for a chance to win.

Introducing a Better Way to Learn Sonatype Products

By Dan Fletcher on September 19, 2019 Sonatype training
Sonatype Learn is a new education portal that provides an engaging way to broaden and deepen your Sonatype skills. Access this material anytime, anywhere.