Sonatype Selected by Equifax to Support OS Governance Press Release

blog-logo Sonatype Blog

Nexus Lifecycle Now Integrates with Azure DevOps to Secure Software Supply Chains in the Cloud

By Michelle Dufty on October 11, 2019 Nexus Lifecycle
The Nexus IQ Extension for Azure DevOps scans builds to identify open source security, license, or quality policy violations.
Read More...

Alexa: What’s the Future of Cyber Security?

By Katie McCaskey on May 02, 2019 devsecops
The software supply chain connects everyone and everything but attacks to this connected web can be blatant and overt, with damaging consequences - especially within the federal government.
Read More...

Who Cares if Supermicro Happened. Supply Chain Attacks are Real and It’s Time to Pay Attention

Technology supply chain attacks are happening in the wild, and whether or not the Supermicro story is real, it should be a wake-up call for all of us.
Read More...

Fooled twice by the same open source problem? Shame on you. The data behind CVE-2017-8046.

By Brian Fox on March 07, 2018 known vulnerability
Organizations keep software applications safe, not by chance, but by preparation. Open source vulnerabilities like Struts 2 and Spring are going to happen, companies need continuous monitoring to
Read More...

Sonatype Statement: Struts2 and Equifax Breach

By Matt Howard on September 11, 2017 Open Source
Organizations like Equifax who leverage open source are responsible for practicing hygiene in a timely manner when fixes for vulnerabilities are available.
Read More...