Sonatype Lifecycle enhancements boost speed, security, and productivity

6 minute read time

Sonatype Lifecycle’s new feature enhancements elevate security posture, developer productivity, and operational excellence. Read on for the full details.

Sonatype's SBOM generation capabilities outpace the competition

8 minute read time

Better data, a dedicated security team, and the analytical capabilities of BOM Doctor are all part of what makes Sonatype's SBOM capabilities superior.

New on Sonatype Learn: Easy Source Control Management (SCM) Onboarding

By Cerah Hedrick (they/them) on February 28, 2023 elearning

2 minute read time

Sonatype's latest eLearning course, Easy Source Control Management (SCM) Onboarding, teaches you how to import your SCM repositories into Nexus Lifecycle.

Sonatype Lifecycle boosts open source security and dependency management

10 minute read time

Nexus Lifecycle is designed to monitor for problems at every stage of the software development life cycle (SDLC) and automatically address them.

Developers need two things: The Sonatype Platform and a full pot of coffee

By Austin Bradley on December 13, 2022 Sonatype Platform

5 minute read time

Waiting too long to invest in security is too common. Sonatype's Nexus platform helps orgs protect themselves from known and unknown vulnerabilities.

5 key open source software security risks and how to prevent them

By Luke Mcbride on December 01, 2022 shift left

5 minute read time

An in-depth look at several key open source security and license risks, along with plans and methods to insulate yourself or avoid them entirely.

The no-fix mediums? Not having a high priority doesn’t mean low danger

By Luke Mcbride on October 31, 2022 vulnerabilities

5 minute read time

An ongoing weak link in the software supply chain is vulnerable software – are you being proactive or just putting out fires?

Despite what some vendors say, please don't ignore Log4j

By Stephen Magill on September 26, 2022 vulnerabilities

5 minute read time

Ignoring Log4j and recommending that high-risk open source vulnerabilities be left in application code isn't just irresponsible, it's dangerous.

Arming the defender force and securing the software supply chain: Helping developers implement CISA best practices - Part 1

By Eric Hill on September 19, 2022 secure software supply chain

4 minute read time

Sonatype's Nexus Platform helps give DevSecOps practitioners the tools they need to help secure the software supply chain against malicious cyber attacks.