Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

SHARE:

Sonatype_Blog_Logo_White
READ MORE

Enhancing software supply chain security: New Sonatype product capabilities

By Tara Flynn Condon on August 21, 2023 News and Views

3 minute read time

Sonatype announces the latest enhancements for Sonatype Repository Firewall, Sonatype Nexus Repository, and Sonatype Lifecycle.
Read More...
READ MORE

Arming the defender force and securing the software supply chain: Helping developers implement CISA best practices - Part 1

By Eric Hill on September 19, 2022 secure software supply chain

4 minute read time

Sonatype's Nexus Platform helps give DevSecOps practitioners the tools they need to help secure the software supply chain against malicious cyber attacks.
Read More...
Hand holding a small lock
READ MORE

CVE-2022-31289: Neither bug nor vulnerability

By Michael Prescott on June 16, 2022 vulnerability

3 minute read time

A recent report of a Nexus Repository vulnerability is not a security concern and no software update is required. A look at issue and similar concerns.
Read More...
Red markers among the building blocks of open source
READ MORE

New Sonatype Nexus Repository Visualizer provides insights into Log4j usage

By Chris Good on December 30, 2021 featured

4 minute read time

Vulnerable Log4j components are still in active use. New functionality available for Sonatype's Nexus Repository monitors and helps address these issues.
Read More...
Various tools
READ MORE

How DevOps at scale and tool onboarding relate

By Fred Jonkhart on November 29, 2021 Devops

12 minute read time

Supporting developers in their DevOps transformation means more than just access to services. A look enterprise CI/CD efforts at ABN AMRO.
Read More...
READ MORE

Update to CVE-2019-7238 in Nexus Repository Manager 3

By Brent Kostak on April 12, 2021 Nexus Repository 3

1 minute read time

An article was brought to our attention that suggests a new attack tactic is targeting an old vulnerability in NXRM, CVE-2019-7238.
Read More...
Nexus Repository 3.30: Microsoft Azure Blob Storage Support
READ MORE

Sonatype Nexus Repository 3.30: Microsoft Azure Blob Storage support for expanded cloud deployments

By Brent Kostak on March 15, 2021 Product

4 minute read time

Sonatype Nexus Repository Pro users can now manage and deploy their critical infrastructure on Microsoft’s Azure Cloud Platform.
Read More...
Nexus Firewall Policy Solves for Dependency Confusion
READ MORE

Sonatype releases new Sonatype Repository Firewall policy to secure software supply chains from "dependency confusion" attacks

By Brent Kostak on March 04, 2021 featured

5 minute read time

Sonatype’s new Dependency Confusion Policy Protection using Nexus Firewall and Nexus Repository can now automate dependency confusion protection at scale
Read More...
Namespace Confusion Nexus Repository Routing Rules
READ MORE

Namespace confusion: Minimizing risk with Sonatype Nexus Repository

By Michael Prescott on February 10, 2021 namespace

3 minute read time

Nexus Repository (NXRM) can help minimize your risk against namespace confusion with a feature called repository routing rules.
Read More...