PyPI Flooded with 1,275 Dependency Confusion Packages

By Ax Sharma on January 24, 2022 vulnerabilities
The popular Python open source software repository PyPI has been flooded with over 1,200 dependency confusion packages by the same actor.

How Large Organizations Can Easily Scan for Log4j Vulnerabilities

By Rishav Mishra on December 31, 2021 Nexus Lifecycle
Large orgs looking for the Log4j vulnerability in 1000s of apps can be more effective and efficient with Nexus Lifecycle and Easy SCM Onboarding.

New Nexus Repository Visualizer Provides Insights into Log4j Usage

By Chris Good on December 30, 2021 Nexus Repository
Vulnerable Log4j components are still in active use. New functionality available for Sonatype's Nexus Repository monitors and helps address these issues.

How to Protect Yourself Against Trojan Source Unicode Attacks with Nexus Firewall

By Chris Good on December 03, 2021 Nexus Firewall
A new kind of attack, Trojan Source, hides vulnerabilities in plain sight of open source code. Protect your development teams with Nexus Firewall.

New Nexus Lifecycle Enhancements Deliver Faster Remediation Experience

By Chris Good on December 03, 2021 Nexus Lifecycle
Prevent development hazards with new Nexus Lifecycle features to quickly compare versions, avoid vulnerabilities, and evaluate open source licenses.

New Nexus Firewall Release with Developer-First Enhancements

By Chris Good on November 16, 2021 Nexus Firewall
With increasing attacks targeting developers, Sonatype’s new Nexus Firewall features improve application security and developer productivity.

JavaScript Scanning Now Supported In JetBrains IDEs: IntelliJ IDEA, WebStorm, and More

By Kevin Miller on July 30, 2021 Nexus Lifecycle
The Sonatype Nexus platform now evaluates and analyzes JavaScript/Node components directly in IntelliJ IDEA.

DevOps Made of Steel

By Phil Vuollet on June 29, 2021 Nexus Lifecycle
Security Analysts from U.S. Steel Corporation spoke at Sonatype's ELEVATE 2021, sharing their DevOps story and where Nexus Repository and Nexus Lifecycle fit into the journey.

How Does Securing the Software Supply Chain Fit the DoD CIO Zero Trust Architecture?

Curious how the DoD Zero Trust Architecture relates to secure development and protecting your software supply chain? We're breaking that down for you.