
Sonatype Blog

How Do Application-Level Package Managers Work?

By Ember DeBoer on January 23, 2020 repository manager
Managing dependencies is a complex task. As Sam Boyer explains, “It’s not the algorithmic side that makes [application-level package managers] hard.”

What is a Package Dependency Manager?

By Ember DeBoer on January 22, 2020 Apache Maven
Terms like package manager, dependency management, repository, and repository manager are used in software development. Are we speaking a common language?

Proxy a Conda Repository Using Nexus Repo

By Sable Yemane on November 15, 2019 python
Conda is popular with data scientists because they can take advantage of Python's flexibility while using existing C and Fortran models and libraries.

PyPi 'Cheese Shop' Malware Illustrates Software Supply Chain Risk Vector

By Katie McCaskey on July 22, 2019 dependency injection
Malicious actors circumvented the PyPI package repo manager, a classic case demonstrating why understanding open source code dependencies is critical.

Nexus Firewall Grows with Support for PyPI

By Jamie Whitehouse on April 19, 2017 Nexus Firewall
Sonatype’s Nexus Firewall enables development teams to evaluate every PyPI package they download from public repositories for license, security, & other risks

Nexus Repository Rising: Say Hello to the New Pro

By Derek Weeks on September 13, 2016 software bill of materials
Upgrade to Nexus Repository Pro 3, now with active-active high availability. Build the best software using precise component intelligence.