One in Six Developers in Healthcare Report Open Source Breaches | Press Release

Sonatype Blog

Find and Fix Vulnerabilities in Seconds using GitHub PR Reviews with Line Comments

By Kevin Miller on July 07, 2020 | Tag: github
Pull Request line comments highlight code that introduces a policy violation. This gives developers the information needed to remediate security risks.

UPDATE: 21 SaltStack Breaches with 2,900 Still Vulnerable

By Derek Weeks on May 31, 2020 | Tag: vulnerabilities
When a vulnerability is announced in an open source project, ask immediately: have we ever used that open source component, and (if yes) where is it?

Department of Homeland Security Cybersecurity: Top 10 Vulnerabilities Still Being Exploited

By April Downey on May 28, 2020 | Tag: vulnerabilities
DHS CISA lists Apache Struts as a top vulnerability. Yet, evidence shows it is still being downloaded, on average, by 10,000 organizations a month.

The OWASP ZAP HUD

By Omkar Hiremath on May 26, 2020 | Tag: vulnerabilities
ZAP is an open-source web application scanner and OWASP flagship project. Use ZAP to find vulnerabilities. Security expert Simon Bennetts demonstrates.

Nexus Intelligence Insights: xlsx aka SheetJS - Regular Expression Denial of Service (ReDoS) and sonatype-2018-0622

By Akshay 'Ax' Sharma on May 06, 2020 | Tag: vulnerabilities
The ReDoS vulnerability impacting the popular npm component SheetJS, also known as "xlsx," was thought to be remedied through a fix, but no, not so fast.

Nexus Intelligence Insights: Protect Your Bitcoin from 700+ Malicious RubyGems with sonatype-2020-0196

By Akshay 'Ax' Sharma on April 23, 2020 | Tag: vulnerability
Crafty attackers take advantage of the open source software supply chain through typographical errors. Not even the most sophisticated devs are immune.

Happy Developers Produce More Secure Software, Better Business Outcomes

By Derek Weeks on April 07, 2020 | Tag: vulnerabilities
The 2020 DevSecOps Community Survey confirms correlations between DevSecOps culture and practices, and their influence on motivation and job satisfaction.

Developers Gain Contextual Feedback with Automated Pull Request Commenting

By Kevin Miller on March 31, 2020 | Tag: github
Pull request comments provide contextual information about the individual branch a developer is working on, and changes that they may have introduced.

Nexus Vulnerability Scanner: Getting Started with Vulnerability Analysis

By Omkar Hiremath on March 26, 2020 | Tag: vulnerabilities
Nexus Vulnerability Scanner is a free tool that scans your application for vulnerabilities and reports on its analysis.