Despite what some vendors say, please don't ignore Log4j

By Stephen Magill on September 26, 2022 | vulnerabilities

5 minute read time

Ignoring Log4j and recommending that high-risk open source vulnerabilities be left in application code isn't just irresponsible; it's dangerous.

Arming the defender force and securing the software supply chain: Helping developers implement CISA best practices - Part 1

By Eric Hill on September 19, 2022 | secure software supply chain

4 minute read time

Sonatype's Nexus Platform gives DevSecOps practitioners the tools they need to secure the software supply chain against malicious attacks.

Open source licensing shift: Fedora blocks Creative Commons CC0

By Luke Mcbride on August 01, 2022 | Open Source

6 minute read time

Fedora's decision to no longer allow the Creative Commons CC0 license in its projects underlines the ongoing evolution of open source licenses and the legal risk that comes with it.

Smarter policy and advanced component search with Sonatype Lifecycle updates

By Chris Good on June 30, 2022 | search

5 minute read time

New features improve your software supply chain management tools with flexible controls, intelligent search, and better software project onboarding.

Take control of your InnerSource components with InnerSource insight

By Chris Good on May 11, 2022 | featured

7 minute read time

InnerSource Insight, an industry-first capability, makes it easier and safer for developers to use components developed by others in their organization.

New Spring Framework RCE vulnerability confirmed - What to do?

7 minute read time

Springshell, a newly disclosed remote code execution vulnerability, affects the Spring Framework's spring-beans module.

New developer tools for open source dependency management

By Chris Good on March 15, 2022 | Product Release

5 minute read time

Nexus platform customers can now access improved dependency visualization, better track policy exceptions, and work with PHP.

npm libraries 'colors' and 'faker' sabotaged in protest by their maintainer—What to do now?

By Ax Sharma on January 10, 2022 | vulnerabilities

7 minute read time

The popular npm open source libraries colors.js and faker.js were sabotaged by their own maintainer. What does that mean for open source sustainability?

How large organizations can easily scan for Log4j vulnerabilities

By Rishav Mishra on December 31, 2021 | Product

7 minute read time

Large organizations hunting for the Log4j vulnerability across thousands of applications can do so more effectively and efficiently with Nexus Lifecycle and Easy SCM Onboarding.