2 New RubyGems laced with cryptocurrency-stealing malware taken down

By Ax Sharma on December 16, 2020 vulnerabilities

5 minute read time

RubyGems removed 2 gems from its repo that contained malicious code. When run, it infected Windows machines and replaced any cryptocurrency wallet address it found on the user’s clipboard with the

Nexus Intelligence Insights: Protect Your Bitcoin from 700+ Malicious RubyGems with sonatype-2020-0196

By Ax Sharma on April 23, 2020 vulnerability

3 minute read time

Crafty attackers take advantage of the open source software supply chain through typographical errors. Not even the most sophisticated devs are immune.

How Do Application-Level Package Managers Work?

By Ember DeBoer on January 23, 2020 repository manager

7 minute read time

Managing dependencies is a complex task. As Sam Boyer explains, “It’s not the algorithmic side that makes [application-level package managers] hard.”

What is a Package Dependency Manager?

By Ember DeBoer on January 22, 2020 Apache Maven

4 minute read time

Terms like package manager, dependency management, repository, and repository manager are used in software development. Are we speaking a common language?

Anatomy of the RubyGems ‘rest-client’ Hack, and Getting Creative About Open Source Security

By Brian Fox on August 23, 2019 open source security

3 minute read time

Last month, the RubyGems strong_password component was breached and injected with malicious code. This is only the latest example of bad actors attacking developers at the source.

Corrupting the Software Supply Chain: Lessons From the Bootstrap-sass Hack

By Elisa Velarde on April 09, 2019 vulnerability

2 minute read time

The boldness of bad actors is escalating in the world of open source software. From the event-stream / NPM incident in November of 2018, to the recent bootstrap-sass / Ruby Gems hack, bad actors are

Nexus Intelligence Insights: CVE-2014-3483 - SQL Injection in PostgreSQL adapter for Active Record against 'range' data type

By Elisa Velarde on March 29, 2019 vulnerability

3 minute read time

In this month's Nexus Intelligence Insights we discuss an older component that is used by millions of developers. Say hello to CVE-2014-3483, a SQL injection vulnerability.

Nexus Repository Rising: Say Hello to the New Pro

By Derek Weeks on September 13, 2016 software bill of materials

3 minute read time

Upgrade to Nexus Repository Pro 3, now with active-active high availability. Build the best software using precise component intelligence.

Nexus Reaches 50,000

By Derek Weeks on February 27, 2015 repository manager

5 minute read time

Active Nexus instances have grown 100% within the past 18 months. Just awesome. And, YOU, our user community made it happen. As of today, we surpassed the milestone of 50,000 active Nexus installs!