Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

SHARE:

Sonatype_Blog_Logo_White
Sonatype acquired MuseDev and full-spectrum software supply chain management
READ MORE

Why Sonatype is acquiring MuseDev

By Brian Fox on March 16, 2021 Container Security

5 minute read time

Sonatype acquired MuseDev, a developer-first source code analysis platform and unveiled the world’s first full-spectrum platform for strengthening.
Read More...
Nexus Repository 3.30: Microsoft Azure Blob Storage Support
READ MORE

Sonatype Nexus Repository 3.30: Microsoft Azure Blob Storage support for expanded cloud deployments

By Brent Kostak on March 15, 2021 Product

4 minute read time

Sonatype Nexus Repository Pro users can now manage and deploy their critical infrastructure on Microsoft’s Azure Cloud Platform.
Read More...
Nexus Firewall Policy Solves for Dependency Confusion
READ MORE

Sonatype releases new Sonatype Repository Firewall policy to secure software supply chains from "dependency confusion" attacks

By Brent Kostak on March 04, 2021 featured

5 minute read time

Sonatype’s new Dependency Confusion Policy Protection using Nexus Firewall and Nexus Repository can now automate dependency confusion protection at scale
Read More...
Namespace Confusion Nexus Repository Routing Rules
READ MORE

Namespace confusion: Minimizing risk with Sonatype Nexus Repository

By Michael Prescott on February 10, 2021 namespace

3 minute read time

Nexus Repository (NXRM) can help minimize your risk against namespace confusion with a feature called repository routing rules.
Read More...
READ MORE

The Central Repository stands to support sailors from Bintray - three steps to take now to protect your builds from failing

By Ilkka Turunen on February 08, 2021 The Central Repository

8 minute read time

We've created a practical guide for Bintray users migrating to the Central Repository to follow and ensure that use and distribution of open source components.
Read More...
Migrating from Bintray to the Central Repository
READ MORE

What publishers need to know about migrating from JCenter / Bintray to the Central Repository

By Ilkka Turunen on February 08, 2021 The Central Repository

11 minute read time

A step-by-step guide publishers can follow to easily migrate from Bintray/JCenter to The Central Repository
Read More...
Moving Java components into The Central Repository, following JFrog sunsetting Bintray and JCenter
READ MORE

Dear Bintray and JCenter users - Here's what you need to know about the Central Repository

By Brian Fox on February 04, 2021 The Central Repository

3 minute read time

If you're freaking out about moving Java components into The Central Repository, following JFrog sunsetting Bintray, don’t worry. We’re here for you.
Read More...
READ MORE

CursedGrabber strikes again: Sonatype spots new malware campaign against software supply chains

3 minute read time

Sonatype has determined those behind the CursedGrabber Discord malware family, have published a new malware campaign against software supply chains
Read More...
software supply chain attack on Java developer community thwarted
READ MORE

Sonatype stops software supply chain attack aimed at the Java developer community

9 minute read time

Sonatype removed 3 malicious open-source Java components from Maven Central targeting popular software releases, stopping a software supply chain attack.
Read More...