Scale developer security with expanded Sonatype Platform features

By Chris Good on February 17, 2022 Product Release

5 minute read time

New Nexus platform features make it even easier for developers to scale security and block open source vulnerabilities from entering the software supply chain.

PyPI flooded with 1,275 dependency confusion packages

By Ax Sharma on January 24, 2022 vulnerabilities

6 minute read time

PyPI, the popular Python open source software repository, has been flooded with over 1,200 dependency confusion packages by the same actor.

How large organizations can easily scan for Log4j vulnerabilities

By Rishav Mishra on December 31, 2021 Product

7 minute read time

Large orgs looking for the Log4j vulnerability in 1000s of apps can be more effective and efficient with Nexus Lifecycle and Easy SCM Onboarding.

New Sonatype Nexus Repository Visualizer provides insights into Log4j usage

By Chris Good on December 30, 2021 featured

4 minute read time

Vulnerable Log4j components are still in active use. New functionality available for Sonatype's Nexus Repository monitors and helps address these issues.

How to protect yourself against Trojan Source Unicode attacks with Sonatype Repository Firewall

By Chris Good on December 03, 2021 Open Source

3 minute read time

A new kind of attack, Trojan Source, hides vulnerabilities in plain sight of open source code. Protect your development teams with Nexus Firewall.

New Sonatype Lifecycle enhancements deliver faster remediation experience

By Chris Good on December 03, 2021 Product Release

3 minute read time

Prevent development hazards with new Nexus Lifecycle features to quickly compare versions, avoid vulnerabilities, and evaluate open source licenses.

New Sonatype Repository Firewall release with developer-first enhancements

By Chris Good on November 16, 2021 Open Source

3 minute read time

With increasing attacks targeting developers, Sonatype’s new Nexus Firewall features improve application security and developer productivity.

JavaScript scanning now supported in JetBrains IDEs: IntelliJ IDEA, WebStorm, and more

By Sonatype on July 30, 2021 Product

2 minute read time

The Sonatype Nexus platform now evaluates and analyzes JavaScript/Node components directly in IntelliJ IDEA.

How does securing the software supply chain fit the DoD CIO zero trust architecture?

By Sonatype on June 24, 2021 software bill of materials

8 minute read time

Curious how the DoD Zero Trust Architecture relates to secure development and protecting your software supply chain? We're breaking that down for you.