Two new RubyGems laced with cryptocurrency-stealing malware taken down

By Ax Sharma on December 16, 2020 vulnerabilities

5 minute read time

RubyGems removed 2 gems from its repo that contained malicious code.

Nexus Intelligence Insights: Protect Your Bitcoin from 700+ Malicious RubyGems with sonatype-2020-0196

By Ax Sharma on April 23, 2020 vulnerability

3 minute read time

Crafty attackers take advantage of the open source software supply chain through typographical errors. Not even the most sophisticated devs are immune.

How Do Application-Level Package Managers Work?

By Ember DeBoer on January 23, 2020 repository manager

7 minute read time

Managing dependencies is a complex task. As Sam Boyer explains, “It’s not the algorithmic side that makes [application-level package managers] hard.”

What is a Package Dependency Manager?

By Ember DeBoer on January 22, 2020 Apache Maven

4 minute read time

Terms like package manager, dependency management, repository, and repository manager are used in software development. Are we speaking a common language?

Anatomy of the RubyGems ‘rest-client’ Hack, and Getting Creative About Open Source Security

By Brian Fox on August 23, 2019 open source security

3 minute read time

Last month, the RubyGems strong_password component was breached and injected with malicious code.

Corrupting the Software Supply Chain: Lessons From the Bootstrap-sass Hack

By Elisa Velarde on April 09, 2019 vulnerability

2 minute read time

The boldness of bad actors is escalating in the world of open source software. From the event-stream / NPM incident in November of 2018, to the recent bootstrap-sass / Ruby Gems hack, bad actors are

Nexus Intelligence Insights: CVE-2014-3483 - SQL Injection in PostgreSQL adapter for Active Record against 'range' data type

By Elisa Velarde on March 29, 2019 vulnerability

3 minute read time

In this month's Nexus Intelligence Insights we discuss an older component that is used by millions of developers.

Nexus Repository Rising: Say Hello to the New Pro

By Derek Weeks on September 13, 2016 software bill of materials

3 minute read time

Upgrade to Nexus Repository Pro 3, now with active-active high availability. Build the best software using precise component intelligence.

Delivering on a Promise: Free Nexus Training

By Mark Miller on December 04, 2014 nexus pro

2 minute read time
